My logs contain arbitrary array elements e.g. item[0]=value0, item[1]=value1.
The number of elements can vary from logline to logline.
I'm looking for a way to parse those elements and combine them into an array, e.g. items=[value0, value1] or join them into a string, but I haven't found any filter so far that appears to cover this use case.
Use a kv filter to parse the key=value pairs in the string into fields. Then write a piece of Ruby code in a ruby filter that processes the resulting fields and gathers the values of the fields whose names have the form order_items[ids][n].
Magnus, thanks for the hint. I actually do use a kv filter already. I would have expected to do the rest without a Ruby filter, but seems I'll have to regardless. I'll see what I can come up with.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.