Statedump of a for loop

mountaincode2 · 02-25-2024 08:59 PM

Hello!

I am trying to understand the statedump of a for loop.

Raw log in JSON:

{
   "data":{
      "businessPhones":[
         "(123) 234-2320",
         "(123) 234-2321"
      ]
   }
}

Parser:

filter {
  json {
    source => "message"
    array_function => "split_columns"
  }
  for phoneNumber in businessPhones {
      mutate {
        merge => {
          "user.phone_numbers" => "phoneNumber"
        }
      }      
    }
    statedump {}
}

Statedump:

Internal State (label=):

{
  "@createTimestamp": {
    "nanos": 0,
    "seconds": 1708923328
  },
  "@enableCbnForLoop": true,
  "@onErrorCount": 0,
  "@output": [],
  "@timezone": "",
  "data": {
    "businessPhones": {
      "0": "(123) 234-2320",
      "1": "(123) 234-2321"
    }
  },
  "message": "{\n   \"data\":{\n      \"businessPhones\":[\n         \"(123) 234-2320\",\n         \"(123) 234-2321\"\n      ]\n   }\n}\n"
}

Now I expected my output to be either one of the following:

Option 1:

user: {
            phone_numbers: "(123) 234-2320" 
            phone_numbers: "(123) 234-2321" 
}

Option 2:

"user": {
    "phone_numbers": [
      "(123) 234-2320",
      "(123) 234-2321"
    ]
}

Where am i going wrong here please?

@Dimarskyi was wondering if i could seek your guidance please.

Thank you.

DanHansen

Would it be, for phoneNumber in data.businessPhones, instead of just businessPhones? It looks like it's not locating businessPhones to remap.