Hello,
I have a simple question on arrays coming into Logstash.
Lets say I have this example:
| Field | Value |
| data.root | [true, false] |
This is expected behavior.
What I want to do:
Copy the first value of data root to a new field, how would I do it?
I tried to do mutate filter:
mutate {
copy => { "[data][root][0]" => "[data][first]"}
}
But it's not working, I assume I am not identifying it correctly?
I figured it out!
The issue was the field name was not identified correctly.
Based on my data structure, the array was parsed from data.
data {
[0] { "root": "true"}
[1] { "root": "false"}
}
So it worked by:
[data][0][root]
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.