Iterate entries in ctx.payload

muraliv · June 5, 2019, 11:14am

Hi,

I have the following entries in ctx.payload and the entries are by user id. The first entry is the timestamp and the 2nd entry is the number of times the user failed to login in that bucket.

mydomain\user1=[1559669100000 2, 1559669160000 2, 1559669237000 2, 1559669280000 2, 1559669294000 1, 1559669295000 1],mydomain\user2=[1559669100000 2, 1559669160000 2, 1559669237000 2, 1559669280000 2, 1559669294000 1, 1559669295000 1]

I need help with mapping them into individual fields.

Thanks in advance.

Thanks
Murali

muraliv · June 6, 2019, 11:27am

Hi All,

I was able to figure it out :-). This is what I did.

"script": "return ['_doc':ctx.payload.entrySet().stream().flatMap(value -> value.getValue().stream().map(time_failedlogin -> ['@timestamp':time_failedlogin.substring(0,time_failedlogin.lastIndexOf(' ')), 'failed_logins':time_failedlogin.substring(time_failedlogin.lastIndexOf(' ')+1), 'alerttype': 'Login Failure', 'username':value.getKey()])).collect(Collectors.toList())];"

Thanks
Murali

system · July 4, 2019, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.