Hi,
I have set up the following rule in a pipeline:
    rule "Fortinet parsing"
    when
        has_field("message")
    then
        // extract all key-value from "message" and prefix it with kv_
        set_fields(
            fields:
                key_value(
                    value: to_string($message.message),
                    trim_value_chars: "\""
                )
        );
        route_to_stream(id:"........", remove_from_default:true);
    end
but when it comes to values that have whitespace they get cut off, like this:
I tried delimiter but it's not working:
    key_value(
        value: to_string($message.message),
        trim_value_chars: "\"",
        trim_key_chars: "\"",
        delimiters: " ",
        kv_delimiters: "=")
    );
How can I get it to ignore the whitespace if it’s part of a value?
Thank you
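
Added example, not part of the original post and not Graylog's own key_value code: a small Python model of the truncation described above, next to a quote-aware parse that keeps whitespace inside double-quoted values. The sample line is constructed, and `naive_kv` is an assumed model of splitting on the pair delimiter before looking at quotes.

```python
import re

# Constructed FortiGate-style line (sample data, not taken from the post).
SAMPLE = ('date=2024-01-15 time=10:22:31 devname="FW 01" action="accept" '
          'msg="User admin logged in from GUI" srcip=10.0.0.5')


def naive_kv(line):
    """Assumed model of the problem: split on spaces first, then on '='.

    A quoted value containing spaces is broken into several tokens, so only
    its first word survives and the remaining words are dropped.
    """
    fields = {}
    for token in line.split(" "):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value.strip('"')
    return fields


# A key at the start of the line or after whitespace, then '=', then either a
# double-quoted value (backslash escapes allowed) or a bare run of non-spaces.
PAIR = re.compile(r'(?<!\S)(\w[\w.\-]*)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def quote_aware_kv(line):
    """Parse key=value pairs, treating "..." as a single value."""
    fields = {}
    for match in PAIR.finditer(line):
        key, quoted, bare = match.groups()
        if quoted is not None:
            # Drop the escaping backslashes, e.g. \" becomes ".
            fields[key] = re.sub(r"\\(.)", r"\1", quoted)
        else:
            fields[key] = bare
    return fields


if __name__ == "__main__":
    print("naive      :", naive_kv(SAMPLE)["msg"])
    print("quote-aware:", quote_aware_kv(SAMPLE)["msg"])
```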