Hello,
I am fairly new to Elastic and I have been working through getting Office 365 data into ECS format. I am looking for a solution to convert a numerical value (key) to a known string value.
I know a simple solution would be to create an if/else block and "if int = x, then string = y" but I have 40+ values for this and I do not want to turn my pipeline into a mess just to solve this problem.
The two solutions I have thought of but do not know how to properly implement would be to either make a JSON object that correlates key to value pairs that is relative to the Logstash pipeline or to store my string values in a list and have the numeric value be the index of the proper string. Either of these solutions would be exceptionally easy to program in most cases but I cannot find information on how to properly do something like this in Logstash.
From what I can tell it looks like my best option is going to be using the Ruby filter to initialize the list and use the values as the index, but I would prefer not to have to use the Ruby filter if possible.
I have also considered the CSV filter but I have tried to work with that in the past with little success so I am not all that interested in going down that route unless the overhead of doing so is significantly less than other options.
Just looking for a little insight on how this might be handled. If there is no simple or clean solution, I might consider using scripted fields as well.
Thank you for your time!