diff --git a/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile1.txt b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile1.txt new file mode 100644 index 0000000000..6504bdde28 --- /dev/null +++ b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile1.txt @@ -0,0 +1 @@ +This is sample file 1 \ No newline at end of file diff --git a/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile2.txt b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile2.txt new file mode 100644 index 0000000000..227fda5705 --- /dev/null +++ b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile2.txt @@ -0,0 +1 @@ +This is sample file 2 \ No newline at end of file diff --git a/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile3.txt b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile3.txt new file mode 100644 index 0000000000..8ff444a5a6 --- /dev/null +++ b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile3.txt @@ -0,0 +1 @@ +This is sample file 3 \ No newline at end of file diff --git a/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile4.txt b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile4.txt new file mode 100644 index 0000000000..aaaa6480ae --- /dev/null +++ b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile4.txt @@ -0,0 +1 @@ +This is sample file 4 \ No newline at end of file diff --git a/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile5.txt b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile5.txt new file mode 100644 index 0000000000..43aaa49dc8 --- /dev/null +++ b/data-prepper-plugins/geoip-processor/geo-lite2/SampleFile5.txt @@ -0,0 +1 @@ +This is sample file 5 \ No newline at end of file diff --git a/data-prepper-plugins/opensearch/src/main/java/org/opensearch/dataprepper/plugins/sink/opensearch/OpenSearchSink.java b/data-prepper-plugins/opensearch/src/main/java/org/opensearch/dataprepper/plugins/sink/opensearch/OpenSearchSink.java index 888ef518c5..7764b2e9e8 100644 --- a/data-prepper-plugins/opensearch/src/main/java/org/opensearch/dataprepper/plugins/sink/opensearch/OpenSearchSink.java +++ b/data-prepper-plugins/opensearch/src/main/java/org/opensearch/dataprepper/plugins/sink/opensearch/OpenSearchSink.java @@ -424,13 +424,18 @@ public void doOutput(final Collection> records) { for (final Record record : findings) { final Event event = record.getData(); final String ruleEngineId = event.get("RULE_ENGINE_DOC_MATCH_ID", String.class); - final String docId = ruleEngineIdToDocId.get(ruleEngineId).get(0); - final String docIndexName = ruleEngineIdToDocId.get(ruleEngineId).get(1); final List replacementFields = event.getList("RULE_ENGINE_DOC_ID_REPLACEMENT_FIELDS", String.class); final String indexName = event.get("FINDINGS_INDEX_NAME", String.class); - event.put("index", docIndexName); - replacementFields.forEach(field -> event.put(field, docId == null ? Collections.emptyList() : List.of(docId))); + final List docInfo = ruleEngineIdToDocId.get(ruleEngineId); + if (docInfo != null) { + final String docId = docInfo.get(0); + final String docIndexName = docInfo.get(1); + event.put("index", docIndexName); + replacementFields.forEach(field -> event.put(field, List.of(docId))); + } else { + replacementFields.forEach(field -> event.put(field, Collections.emptyList()); + } event.delete("RULE_ENGINE_DOC_MATCH_ID"); event.delete("RULE_ENGINE_DOC_ID_REPLACEMENT_FIELDS");