Extract

Extract (`extract`)

Extract fields from text using regular expressions.

Transform json

Minimal example

actions:
  - extract:
      pattern: ""

JSON

{
  "actions": [
    {
      "extract": {
        "pattern": ""
      }
    }
  ]
}

Minimal example
Fields
General
Input
Output
Warnings
Pattern
Mapping
Substitution
Schema

Fields

Field	Type	Required	Description
`pattern` Pattern	`regex` (`string`)	✅	Pattern containing named groups. Default is to use the group names. Examples: `\d+[A-Z]*`
`description` General	`string`		describe this step.
`condition` General	`lua-expression` (`string`)		Only run this action if the specified condition is met. Examples: `2 * count()`
`input-field` Input	`field` (`string`)		The field containing the text. Examples: `data_field`
`remove` Output	`boolean` (`bool`)		Remove field containing text afterwards.
`suppress-warnings` Warnings	`boolean` (`bool`)		Suppress warnings generated by this action.
`drop` Warnings	`boolean` (`bool`)		Don’t pass through failed matches.
`output-fields` Mapping	`string[]`		field names to match with each matched group.
`convert` Mapping	`map` (`string`)		Optionally convert these fields afterwards. If `fields` is omitted, the keys from `convert` are used as the extracted field names.
`output-pattern` Substitution	`string`		Optionally, do a substitution using text containing $1, $2, etc. referring to captured groups.
`output-field` Substitution	`field` (`string`)		Write to this field if doing a substitution. Examples: `data_field`

General

Show fields

Field	Type	Required	Description
`description`	`string`		describe this step.
`condition`	`lua-expression` (`string`)		Only run this action if the specified condition is met. Examples: `2 * count()`

Input

Show fields

Field	Type	Required	Description
`input-field`	`field` (`string`)		The field containing the text. Examples: `data_field`

Output

Show fields

Field	Type	Required	Description
`remove`	`boolean` (`bool`)		Remove field containing text afterwards.

Warnings

Show fields

Field	Type	Required	Description
`suppress-warnings`	`boolean` (`bool`)		Suppress warnings generated by this action.
`drop`	`boolean` (`bool`)		Don’t pass through failed matches.

Pattern

Show fields

Field	Type	Required	Description
`pattern`	`regex` (`string`)	✅	Pattern containing named groups. Default is to use the group names. Examples: `\d+[A-Z]*`

Mapping

Show fields

Field	Type	Required	Description
`output-fields`	`string[]`		field names to match with each matched group.
`convert`	`map` (`string`)		Optionally convert these fields afterwards. If `fields` is omitted, the keys from `convert` are used as the extracted field names.

Substitution

Show fields

Field	Type	Required	Description
`output-pattern`	`string`		Optionally, do a substitution using text containing $1, $2, etc. referring to captured groups.
`output-field`	`field` (`string`)		Write to this field if doing a substitution. Examples: `data_field`

Schema

Convert Table

Convert Table

Field	Type
`event.field`	`str`

Key format: field.

Extract

Extract (extract)

Minimal example

Contents

Fields

General

Input

Output

Warnings

Pattern

Mapping

Substitution

Schema

Convert Table

Extract (`extract`)