I can not figure out what I’m doing wrong here for the life of me. I’m trying to use a regex to look at the source field and determine which QA node the message came from, then set a field with the qa number so I can sort the message to a stream in a later pipeline.
My code looks fine, and I get no errors when I’m in the Pipeline rule editor. But when I save the rule and attach the pipeline to a Stream, I get this Indexer error:
{"type":"mapper_parsing_exception","reason":"object mapping for [qa_node] tried to parse field [qa_node] as object, but found a concrete value"}
And then no messages go into that stream anymore.
At this point, my code looks like this:
rule "what qa node"
when
(has_field("source") AND contains(to_string($message.source), "qa"))
then
let n = regex("^qa(\\d+).?", to_string($message.source), ["num"]);
let node = n["num"];
set_field("qa_node", node);
end
I’ve tried using let node = n.num;
I’ve tried set_field(“qa_node”, n.num);
I’ve tried set_field(“qa_node”, n[“num”]);
None have worked so far.
It’s worth noting that if I use:
set_field(“qa_node”, n);
The regex works, and it sets “qa_node” to {“num”, “11”} (Assuming it saw qa11 in the $message.source field). How can I get it to be just ‘11’?