I've create a rule whose connector is write to index. I wonder if possible to parse context_hits to create an additional field when hit the rule.
For example I would like to create an additional field called message only containing subfield messages from dictionary {{context_hits }}
Thanks
I spotted how to achieve that.
putting in the document to index the following field:
"host": "{{context.hits.0._source.host_name}}"
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.