Statedump of a for loop

Hello!

I am trying to understand the statedump of a for loop.

Raw log in JSON:

{
   "data":{
      "businessPhones":[
         "(123) 234-2320",
         "(123) 234-2321"
      ]
   }
}

Parser:

filter {
  json {
    source => "message"
    array_function => "split_columns"
  }
  for phoneNumber in businessPhones {
      mutate {
        merge => {
          "user.phone_numbers" => "phoneNumber"
        }
      }      
    }
    statedump {}
}

Statedump:

Internal State (label=):

{
  "@createTimestamp": {
    "nanos": 0,
    "seconds": 1708923328
  },
  "@enableCbnForLoop": true,
  "@onErrorCount": 0,
  "@output": [],
  "@timezone": "",
  "data": {
    "businessPhones": {
      "0": "(123) 234-2320",
      "1": "(123) 234-2321"
    }
  },
  "message": "{\\n   \\"data\\":{\\n      \\"businessPhones\\":[\\n         \\"(123) 234-2320\\",\\n         \\"(123) 234-2321\\"\\n      ]\\n   }\\n}\\n"
}

Now I expected my output to be either one of the following:

Option 1:

user: {
            phone_numbers: "(123) 234-2320" 
            phone_numbers: "(123) 234-2321" 
}

Option 2:

"user": {
    "phone_numbers": [
      "(123) 234-2320",
      "(123) 234-2321"
    ]
}

Where am i going wrong here please?

@Dimarskyi was wondering if i could seek your guidance please.

Thank you.

Page 1 / 1

Would it be, for phoneNumber in data.businessPhones, instead of just businessPhones? It looks like it's not locating businessPhones to remap.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded