Extract array
editExtract array
editThis functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The extract_array processor populates fields with values read from an array
field.
Example
editThe following example populates source.ip with the first element of
the my_array field, destination.ip with the second element, and
network.transport with the third.
- extract_array:
field: my_array
mappings:
source.ip: 0
destination.ip: 1
network.transport: 2
Configuration settings
editElastic Agent processors execute before ingest pipelines, which means that your processor configurations cannot refer to fields that are created by ingest pipelines or Logstash. For more limitations, refer to What are some limitations of using processors?
| Name | Required | Default | Description |
|---|---|---|---|
|
Yes |
The array field whose elements are to be extracted. |
|
|
Yes |
Maps each field name to an array index. Use 0 for the first element in the array. Multiple fields can be mapped to the same array element. |
|
|
No |
|
Whether to ignore events where the array field is missing. If |
|
No |
|
Whether to overwrite target fields specified in the mapping if the fields already exist. If |
|
No |
|
If |
|
No |
|
Whether empty values are extracted from the array. If |