Action: script
Set fields to computed values, perhaps conditionally
Available functions:
round(x)returns the nearest integer to a floating point number, likeround(tmillis/1000). Useful for converting bytes to kB, milliseconds since epoch to seconds since epoch, etc.sec_s()will return seconds since epoch,sec_ms()milliseconds since epoch.cidr(addr, spec)will match an IPv4 network address against a CIDR specification like '10.0.0.0/24'.ip2asnuses the Team Cymru services to match IP addresses to domain names.cond(condition, value1, value2)is a useful function that will returnvalue1if condition is true, otherwise returnsvalue2. E.g. status:cond(istat > 0,"ok","error").- hashes:
md5(txt)sha1(txt)sha256(txt)sha512(txt)
uuid()returns a Unique Identifier each time
See the full discussion
Field Summary
| Field Name | Type | Description | Default |
|---|---|---|---|
| condition | expression | Does operations only when the calculation is true | - |
| overwrite | bool | Overwrite a field if it already exists | false |
| let | array of (field,expression) pairs | Add calculated values to the event | - |
| set | array of (field,value) pairs | Add constants to the event | - |
| load | path | Load a file containing Lua functions into the current context | - |
| run | string | Run the specified function on each action | - |
Fields
condition
Type: expression
Does operations only when the calculation is true
Example
Input:
{"num":1}
Pipe Language Snippet:
script:
condition: num == 1
let:
- is_one: "true"
Output:
{"num":1,"is_one":true}
Example: Non-matching condition
Input:
{"num":2}
Pipe Language Snippet:
script:
condition: num == 1
let:
- is_one: "true"
Output:
{"num":2}
overwrite
Type: bool
Default: false
Overwrite a field if it already exists
let
Type: array of (field,expression) pairs
Add calculated values to the event
Example
Input:
{"one":1,"two":2}
Pipe Language Snippet:
script:
let:
- one_plus_two: one + two
Output:
{"one":1,"two":2,"one_plus_two":3}
Example: Array access (note 1-based index)
Input:
{"one_two":[1,2]}
Pipe Language Snippet:
script:
let:
- one: one_two[1]
- two: one_two[2]
Output:
{"one_two":[1,2],"one":1,"two":2}
Example: Subfield access
Input:
{"data":{"one":1,"two":2}}
Pipe Language Snippet:
script:
let:
- one: data.one
- two: data.two
Output:
{"data":{"one":1,"two":2},"one":1,"two":2}
set
Type: array of (field,value) pairs
Add constants to the event
Example
Input:
{"one":1,"two":2}
Pipe Language Snippet:
script:
set:
- three: 3
- four: four
Output:
{"one":1,"two":2,"three":3,"four":"four"}
load
Type: path
Load a file containing Lua functions into the current context
run
Type: string
Run the specified function on each action