In Watcher, i'm trying to extract the @timestamp
field from payload
return [
'my_group_array': ctx.payload.hits.hits,
'my_group_fields': ctx.payload.hits.hits.stream()
.map(t-> {return ['timestamp': t._source.@timestamp, 'eventSource': t._source.eventSource, 'eventName': t._source.eventName, 'recipientAccountId': t._source.recipientAccountId, 'userIdentity': t._source.userIdentity.principalId]})
.collect(Collectors.toList())
]
the @
symbol causes the problem as the above works if I replace a similar eventtime field. Any idea how to extract variable which has @
in it within a watcher transform? I've tried enclosing with double quotes, but still fails
Error in case if anyone have seen this before
[script_exception] compile error, with { script_stack={ 0="... ['timestamp': t._source.@timestamp, 'eventSourc ..." & 1=" ^---- HERE" } & script="\r\n return [\r\n 'my_group_array': ctx.payload.hits.hits,\r\n 'my_group_fields': ctx.payload.hits.hits.stream()\r\n .map(t-> {return ['timestamp': t._source.\"@timestamp\",
Incoming data is
{
"_index": "myindex",
"_type": "_doc",
"_source": {
"@timestamp": "2020-10-28T16:02:19.676Z",
"eventSource": "kms.amazonaws.com",
"eventName": "blahal",
"recipientAccountId": "12345",
"userIdentity": {
"principalId": "xxxxxxxxxyyyyyyyy"
}