With xpath, within xml filter, I get the fields returned as below, with each element in its array:
"PhaseName" => [
[ 0] "CRITICAL",
[ 1] "TEST",
[ 2] "OTHER",
[ 3] "XYZ"
]
"PhaseState" => [
[ 0] "NA",
[ 1] "NA",
[ 2] "NA",
[ 3] "SUCCESSFUL"
]
How to format xpath, to return data corresponding to the correct field, in an array together?
Looking to achieve result such as:
{GlobalState=OK
[Phase Name=>"CRITICAL", State=>"NA"]
[Phase Name=>"TEST", State=>"NA"]
}
I can have multiple phase states, for each given output.
You'll have to use a ruby filter. This exact question came up a couple of months ago so you might be able to find a solution in that thread. The zip function of Ruby arrays should be useful to you.
I have found a ruby solution for this, just as you say. I parsed the data and then was able to use the following:
ruby {
code => '
event.set("GlobalState", event.get("[parsed][specifc-location][0][GlobalState]"))
'
}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.