Pipeline whitespace issues

Hi,

I have set up the following rule in a pipeline:

rule "Fortinet parsing"
when
    has_field("message")
then
    // extract all key-value from "message" and prefix it with kv_ 
    set_fields(
                fields: 
                        key_value(
                            value: to_string($message.message),
                            trim_value_chars: "\""
                            )
            );
    route_to_stream(id:"........", remove_from_default:true);
end

but when it comes to values that have whitespace they get cut off, like this:

I tried delimiter but its not working:

key_value(
value: to_string($message.message),
trim_value_chars: “”",
trim_key_chars:""", delimiters:" “,
kv_delimiters:”=") );

How can I get it to ignore the whitespace if it’s part of a value?

Thank you

I think, it’s a known problem with key_value pipeline function.

Try to use extractor key=value, it should work fine also with spaces:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.