Teach me, oh Pipeline Wizards....I have DNS Header Flag fields coming in that are boolean, like `aa: false`, `ra: true`, `rd: true`, `tc: false`, etc. I would like to convert this to ECS by just having one object (`dns.header_flags`) with an array of the header flag names show in an array if their above referenced field value is `true`. So the JSON would end up being structured like this.```"dns": { "header_flags": [ "rd","rd" ],```And the false fields would be dropped. I would also like to be able to do this in one function instead of a function with a filter for each potential Header Flag Field.
Question
DNS Header Flag fields that are boolean, can I convert this to ECS by just having one object
the really great thing about Cribl using JS for its processing language is it's so easy to code by ~google~ duckduckgo
no, it's more generic. will help with the basics
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.