How do I split a field and put the split strings into multiple target fields using split processor in Elasticsearch ?
For e.g, I have a logline https://live-integration-msp-edge.connectcdn.net/mm/dash/live/7047/LIVESERVICE_7001/TG_STB_HD.mpd?antid=VU5LTk9XTi1XSElURUxJU1Q%3D&i=1&ih=in&nwk=WIFI&pk=1&sid=46166966468451548893898&sst=main&uid=299105e2-604a-4306-a46e-5be86b9d684e http/1.1"" 404 246 404 246 0 0 512 487 614 474 0.093 0.017 DIRECT FIN FIN TCP_MISS ""MOBI_EXO2Player;Dalvik/2.1.0 (Linux; U; Android 7.1.2; AFTN Build/NS6258)"" eb89a6d9-2d77-4775-9d42-b7e7d608e615".
I ama using the grok
"%{IP:source_ip} %{GREEDYDATA} [%{HTTPDATE:request_date}] "%{WORD:http_method} %{URIPROTO:http_proto}://%{URIHOST:uri_host}%{URIPATH:uri_path}%{GREEDYDATA:uri_query} http/%{NUMBER:http_version}" %{NUMBER:response_code} %{NUMBER:bytes_sent} %{NUMBER:origin_response_code} %{NUMBER:origin_bytes_sent} %{NUMBER:client_req_content_length} %{NUMBER:proxy_req_length} %{NUMBER:client_req_header_length} %{NUMBER:proxy_resp_header_length} %{NUMBER:proxy_req_header_length} %{NUMBER:origin_header_resp_length} %{NUMBER:time_to_serve:} %{NUMBER:origin_time_to_serve:} %{WORD:proxy_hierarchy_route} %{WORD:finish_status_client} %{WORD:finish_status_origin} %{WORD:cache_result_code} "%{GREEDYDATA:user_agent}" %{GREEDYDATA:x_play_back_session_id}"
I want to keep this field as uri_path and split it into multiple target fields using the separator "/" using split processor.
Here, uri_path is mm/dash/live/7047/LIVESERVICE_7001/TG_STB_HD.mpd