Ingest: foreach + grok processor - how to write result into an array?

jarda-manana · June 21, 2017, 12:09pm

Hi,
I'm trying to use grok processor within a foreach processor, but I'm failing. I don't know how to write new sub-fields in grok processor.

Example document:

{
     "f": ["a 1", "b 2"]
}

Wanted result:

{
     "f": ["a 1", "b 2"],
     "f.word": ["a", "b"],
     "f.number": [1, 2]
 }

Or:

{
    "f": [
            {"word": "a",
             "number": 1},
            {"word": "b",
              "number": 2}
           ]
}

Is something like this achievable? Thanks...

system · July 19, 2017, 12:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pipelines - Losing values with Foreach and Grok Elasticsearch	2	1041	December 3, 2018
(Ingest Pipeline) Grok on an Array using Foreach -> Pipeline processors Elasticsearch	2	1547	September 16, 2020
Ingest: transforming multiple values in an array Elasticsearch ingest-pipeline	3	534	November 30, 2023
Foreach Ingest processor + conditional append processor Elasticsearch painless	3	2036	February 26, 2020
Elasticsearch GeoIP Processor inside foreach processor Elasticsearch ingest-pipeline	1	253	August 23, 2022