Hi
I will try to explain what I'm in
I have these lines in a log
ID:1,PID:123, Path:\123\123
ID:2,PID:234, Path:\234\234
ID:1,PID:345, Path:\345\345
The result of indexed doc I need to get
_Id: 1
PID0:123
Path0:\123\123
PID1:345
Path1:\345\345
_Id: 2
PID0:234
Path0:\234\234
If this possible? make a sequential name field from new data? PID0, PID1, PID2, PID3, Path0, Path1,Path2....
Thanks! 
You could do that with an aggregate filter.Accumulate PID and Path into arrays, then after a timeout iterate over the arrays in ruby and add fields to the event.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.