Split

Learn about the Split OTTL converter function.

  less than a minute  

Overview

The Split converter splits a string into an array based on a specified delimiter.

Syntax

Split(value, separator)

  • value: the bracket notation location of the string to split
  • separator: the delimiter string to use for splitting

Examples

Input

{
	"_type": "log",
	"timestamp": 1734585789794,
	"body": "host=172.17.15.39,user-identifier=68b148de-7ce3-423c-b72d-64a4f21ecfc0,time_local=2024-12-15T22:40:53.723160Z,method=POST,request=/styles/main.css,protocol=HTTP/2,status=403,bytes_sent=1043",
	"resource": {...},
	"attributes": {
		"decoded_body": "host=172.17.15.39,user-identifier=68b148de-7ce3-423c-b72d-64a4f21ecfc0,time_local=2024-12-15T22:40:53.723160Z,method=POST,request=/styles/main.css,protocol=HTTP/2,status=403,bytes_sent=1043"
	}
}

Statement

set(attributes["split"], Split(attributes["decoded_body"], ","))

Output

{
	"_type": "log",
	"timestamp": 1734585827627,
	"body": "host=172.17.15.39,user-identifier=68b148de-7ce3-423c-b72d-64a4f21ecfc0,time_local=2024-12-15T22:40:53.723160Z,method=POST,request=/styles/main.css,protocol=HTTP/2,status=403,bytes_sent=1043",
	"resource": {...},
	"attributes": {
		"decoded_body": "host=172.17.15.39,user-identifier=68b148de-7ce3-423c-b72d-64a4f21ecfc0,time_local=2024-12-15T22:40:53.723160Z,method=POST,request=/styles/main.css,protocol=HTTP/2,status=403,bytes_sent=1043",
		"split": [
			"host=172.17.15.39",
			"user-identifier=68b148de-7ce3-423c-b72d-64a4f21ecfc0",
			"time_local=2024-12-15T22:40:53.723160Z",
			"method=POST",
			"request=/styles/main.css",
			"protocol=HTTP/2",
			"status=403",
			"bytes_sent=1043"
		]
	}
}

The string decoded_body was split into an array split.

Dynamic arguments

The delimiter argument can be read from a field instead of a literal string.

Input

{
	"_type": "log",
	"body": {
		"message": "ERROR: Connection to db-primary-west failed",
		"split_delim": " "
	},
	"resource": {...},
	"attributes": {}
}

Statement

set(attributes["split_dynamic"], Split(body["message"], body["split_delim"]))

Output

{
	"_type": "log",
	"body": {
		"message": "ERROR: Connection to db-primary-west failed",
		"split_delim": " "
	},
	"resource": {...},
	"attributes": {
		"split_dynamic": [
			"ERROR:",
			"Connection",
			"to",
			"db-primary-west",
			"failed"
		]
	}
}

The delimiter (a space character) was read from body["split_delim"] and used to split the message into an array of words.