add
Add new fields to an event
Example
input:
{"one":1}
action:
add:
output-fields:
- two: 2
- three: 3
output:
{"one":1,"two":2.0,"three":3.0}
| Field Name | Description | Type | Default |
|---|---|---|---|
| condition | Only run this action if the condition the specified condition is met | expression | - |
| fields | Fields where values are stored | array of (field,value) pairs | - |
| template | Template substitution, for more complex output | templated text | - |
| template-file | Template substitution from provided file, for more complex output | path | - |
| template-result-field | A way of creating arbitrary documents for passing to output | field | - |
| overwrite | Force values in already-existing fields to be replaced | bool | false |
condition
Only run this action if the condition the specified condition is met
Type: expression
fields
Fields where values are stored
Note: If the field already exists, its value will not be over-written, unless overwrite: true
Type: array of (field,value) pairs
Example: Plain values
input:
{}
action:
add:
output-fields:
- one: 1
- two: 2
- three: 3
output:
{"one":1.0,"two":2.0,"three":3.0}
Example: Complex values
input:
{}
action:
add:
output-fields:
- one: 1
- two: 2
- three-four: [3,4]
- five-six:
five: 5
six: 6
output:
{"one":1.0,"two":2.0,"three-four":[3.0,4.0],"five-six":{"five":5.0,"six":6.0}}
Example: Field expansions
input:
{"one":1,"two":2}
action:
add:
output-fields:
- another-one: ${one}
- another-two: yet another ${two}
output:
{"one":1,"two":2,"another-one":"1","another-two":"yet another 2"}
Example: Field expansions, with nested fields
input:
{"one-two":[1,2],"three-four":{"three":3,"four":4.0}}
action:
add:
output-fields:
- one: ${one-two.0}
- two: ${one-two.1}
- three: ${three-four.three}
- four: ${three-four.four}
output:
{"one-two":[1,2],"three-four":{"three":3,"four":4.0},"one":"1","two":"2","three":"3","four":"4.0"}
Example: Field names can contain field references
input:
{"one":1}
action:
add:
output-fields:
- another-${one}: ${one}
output:
{"one":1,"another-1":"1"}
template
Template substitution, for more complex output
The template must result in a valid JSON document, which will be merged with the input event
Type: templated text
Example
input:
{"one":1}
action:
add:
template: |
{
"another-one": ${one},
"tags": ["yoyo",${one}]
}
output: '{"one":1,"another-one":1,"tags":["yoyo",1]}'
template-file
Template substitution from provided file, for more complex output
Like template, except using a file. Easier to edit well-formed JSON templates
Type: path
Example
file: some-file
{
"another-one": ${one},
"tags": ["yoyo",${one}]
}
input:
{"one":1}
action:
add:
template-file: some-file
output:
{"one":1,"another-one":1,"tags":["yoyo",1]}
template-result-field
A way of creating arbitrary documents for passing to output
Only applies to template or template-file. The template
does not have to be valid JSON. (In this example, it is YAML)
Type: field
Example
input:
{"one":1,"two":2}
action:
add:
template-result-field: results
template: |
results:
one: ${one}
two: ${two}
output:
{"one":1,"two":2,"results":"results:\n one: 1\n two: 2\n"}
overwrite
Force values in already-existing fields to be replaced
Type: bool
Example
input:
{"one":1}
action:
add:
overwrite: true
output-fields:
- one: 0
- two: 1
output:
{"one":0,"two":1.0}