Limits on Grok/Split ingest processing

I need some advice on whether I have come to the limits of ingest processing, or maybe there is another option.
We're using ES 7.9.3 and receiving logs with winlogbeat. (Logstash is not in play.)
The logs I'm interested in are from an email system, have multiline content, and include a list of recipients, over multiple lines. (Multiline means one string with \n characters.)
Each recipient in the list has multiple attributes (e.g. address and name).

Is it possible to generate an array of recipients, e.g.
from:

    "message": " ... \nRecipients\nRecipient\nName:Alice\nAddress:alice@example.com\nRecipient\nName:Bob\nAddress:bob@example.org\n"

to:

    "recipients": [
      { "name": "alice", "address": "alice@example.com" },  
      { "name": "bob", "address": "bob@example.org" }
    ]  

Is it possible to do the above? Samples would be great.
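
The transformation asked about above, written out as a reference parser in Python (an added example, not part of the original post and not Elasticsearch's own code). It shows the line-by-line logic an ingest script or an external preprocessor would have to implement. Assumptions: the function name, the `Subject:` line in the sample and the rule that attribute values are kept verbatim are all constructed here.

```python
import json

# Constructed sample in the shape shown in the post; the text before
# "Recipients" is a made-up placeholder for the elided part of the message.
SAMPLE = (
    "Subject:Quarterly report\nRecipients\n"
    "Recipient\nName:Alice\nAddress:alice@example.com\n"
    "Recipient\nName:Bob\nAddress:bob@example.org\n"
)

# Assumption: only these attribute keys belong to a recipient block.
RECIPIENT_KEYS = {"name", "address"}


def parse_recipients(message):
    """Return a list of {"name": ..., "address": ...} dicts from the message."""
    recipients = []
    current = None       # dict being filled, or None before the first block
    in_section = False   # True once the "Recipients" header line is seen
    for raw in message.splitlines():   # splitlines() also handles \r\n
        line = raw.strip()
        if not in_section:
            in_section = (line == "Recipients")
            continue
        if line == "Recipient":
            # A new block starts; later attributes attach to this dict.
            current = {}
            recipients.append(current)
            continue
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if current is None or not sep or key not in RECIPIENT_KEYS:
            # Malformed or unexpected line: skip it rather than guess.
            continue
        # First value wins, so a repeated key cannot overwrite an earlier one.
        current.setdefault(key, value.strip())
    # Drop blocks that ended up with no recognised attributes.
    return [r for r in recipients if r]


if __name__ == "__main__":
    print(json.dumps({"recipients": parse_recipients(SAMPLE)}, indent=2))
```
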
