Parsing array elements in logs into array

My logs contain arbitrary array elements e.g. item[0]=value0, item[1]=value1.
The number of elements can vary from logline to logline.

I'm looking for a way to parse those elements and combine them into an array, e.g. items=[value0, value1] or join them into a string, but I haven't found any filter so far that appears to cover this use case.

Can you give a concrete example of a log entry?

Of course, here's one:

rnd=0.013803167429344732&version=1.0&_l=https://www.example.de/checkout/success&_ld=www.example.de&_r=https://www.example.com/webapps/hermes?flow=1-P&ulReturn=true&token=EC-token&useraction=commit&country.x=DE&locale.x=de_DE&_rd=www.example.com&siteid=443286&item[name]=Order Done&order[id]=DE606153525&order[shipping]=0.00&order[revenue]=35.03&order[profit]=0.00&order[currency]=EUR&order_items[ids][0]=364110&order_items[ids][1]=1000857&order_items[prices][0]=23.16&order_items[prices][1]=11.87&order_items[quantities][0]=1&order_items[quantities][1]=1&category[name]=Order&category[path]=order/done&r=0.09882929320583189&u=05ht69iasqdt.1509025003878&remote_addr=1.1.1.1&time=1511875322&user_agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0&_auid=8317460762713324393&cookie__auid=8317460762713324393

Typical example above is order_items[ids][n] fields.

Use a kv filter to parse the key=value pairs in the string into fields. Then write a piece of Ruby code in a ruby filter that processes the resulting fields and gathers the values of the fields whose names have the form order_items[ids][n].

Magnus, thanks for the hint. I actually do use a kv filter already. I would have expected to do the rest without a Ruby filter, but seems I'll have to regardless. I'll see what I can come up with.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.