Joining 2 fields value in one field

Hi there,
I am trying to combine two fields “from” and “to” into one “route” field.

  • I have created a pipeline for this and it worked using the “concat” function. but the problem is I can not apply that pipeline to existing records.

  • I have tried to create a “regex” extractor to combine both fields, but the problem is that it only captures the first matching group.

Any idea how can I make this?

by the way, I need this “route” field, to make a “Quick Values” query on both (“from” and “to”) fields, so if there is any way that I can do that using the web API, I would appreciate it.

Thank you

Finally I could do that using a regex-replace extractor. it allows joining matched groups in a new field.
although it’s sad that an extractor can not update existing messages and now I have to re-index the elastic.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.