Split a DateTime field to all Documents in logstash

Hi,

I have a Start_Time field that I want to split in all documents using the split filter.
But the split filter only takes strings and arrays, so I tried to use the mutate filter to convert the Start_Time field to a string. But I am still getting the same error from the split plugin:
"split - Only String and Array types are splittable. field:Start_Time is of type = NilClass"

Any suggestions, please?

That suggests there is an event that does not contain the Start_Time field.

Hi,

Thanks for the support.
My understanding of the split plugin was not correct.
I will try to explain the problem I am facing here.
I am parsing some XML files using the xml filter, and that is working perfectly fine.
The problem is that the start_time field is only available in one document and the rest of the documents do not have a start time. So I want to put Start_Time from one document into all of the remaining documents.
Could you please suggest which plugin I can use to achieve this?

{
"@timestamp" => 2020-03-24T09:47:50.807Z,
"@version" => "1",
"Start_Time" => "2020-03-05T12:57:00+01:00"
}
{
"@timestamp" => 2020-03-24T09:47:50.807Z,
"Measurement_Results" => [
"1 0 0 0 1 0 0 0 0 0 "
],
"End_Time" => [
"2020-03-05T12:58:00+01:00"
],
"@version" => "1",
"Measurement_Object_Name" => [
"test"
],
"Measurement_Object" => [
"test-ldn"
],
"Measurement_Info_ID" => [
"id001"
],
"Measurement_Type" => [
"a b c d e f g h i j"
]
}

From the first document I want to copy "Start_Time" to the document below, and so on.

I suggest you read this.
