Hello,
I have an input log string which contains some easy to regex-matching keywords. I want to index them as an array of values. E.g.
"message"="User's locations: locERTY locRUIE locFGHD locTYUS"
The below code successfully does what I want, in the tag field:
ruby {
code => 'event.get("message").scan(/loc[A-Z]{4}/).each {|loc| event.tag(loc)}'
}
So, this outputs:
"tags": [
"locERTY",
"locRUIE",
"locFGHD",
"locTYUS"
]
Now, since I have several such lists, I want to use custom field names, instead of tag. The closest I got was this, which is not perfect because the result output is a key-value pair:
ruby {
code => 'i=0; event.get("message").scan(/loc[A-Z]{4}/).each {|loc| event.set("[locs][#{i}]",loc); i+=1}'
}
This outputs:
"locs": [
"0":"locERTY",
"1":"locRUIE",
"2":"locFGHD",
"3":"locTYUS"
]
How can I output a custom loc field similar to the tag one above (with ruby or not)?
Thank you!