
Ingest processors (grok, date, rename) in Elasticsearch - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
What is the output of this Grok processor simulation?

Given the following Grok pattern and input string, what will be the value of the field status_code after processing?

{"grok": {"field": "message", "patterns": ["%{WORD:method} %{URIPATHPARAM:request} %{NUMBER:status_code:int}"]}}

Input message: GET /home 200

A. 200
B. GET
C. /home
D. null
💡 Hint

Look at the pattern and which part is assigned to status_code.

Predict Output
intermediate
What is the resulting timestamp after the date processor?

Given this date processor configuration:

{"date": {"field": "timestamp", "formats": ["yyyy-MM-dd HH:mm:ss"]}}

And the input document field timestamp with value 2024-06-15 14:30:00, what will be the resulting value of timestamp after processing?

A. null
B. "2024-06-15 14:30:00"
C. "2024-06-15T14:30:00.000Z"
D. "15-06-2024 14:30:00"
💡 Hint

The date processor converts the string to an ISO8601 timestamp.

Predict Output
advanced
What is the final document after the rename processor?

Given this rename processor configuration:

{"rename": {"field": "old_field", "target_field": "new_field"}}

And the input document:

{"old_field": "value1", "other_field": "value2"}

What is the resulting document after processing?

A. {"new_field": "value1", "other_field": "value2"}
B. {"old_field": "value1", "new_field": "value1", "other_field": "value2"}
C. {"other_field": "value2"}
D. {"old_field": null, "new_field": "value1", "other_field": "value2"}
💡 Hint

The rename processor moves the value and removes the old field.

🔧 Debug
advanced
What error does this Grok processor configuration cause?

Consider this Grok processor configuration:

{"grok": {"field": "message", "patterns": ["%{WORD:method} %{URIPATHPARAM:request} %{NUMBER:status_code}"]}}

Input message: POST /api/data abc

What error will occur during processing?

A. No error, status_code is 'abc' as string
B. IndexOutOfBoundsException
C. NullPointerException
D. GrokParseException due to 'abc' not matching NUMBER
💡 Hint

The pattern expects a number but input has 'abc'.

🧠 Conceptual
expert
Which processor sequence correctly extracts and renames a date field?

You receive logs with a field log_time in format dd/MM/yyyy HH:mm:ss. You want to parse it as a date and rename it to timestamp. Which sequence of processors achieves this correctly?

A. [{"date": {"field": "log_time", "formats": ["dd/MM/yyyy HH:mm:ss"]}}, {"rename": {"field": "log_time", "target_field": "timestamp"}}]
B. [{"rename": {"field": "log_time", "target_field": "timestamp"}}, {"date": {"field": "timestamp", "formats": ["dd/MM/yyyy HH:mm:ss"]}}]
C. [{"rename": {"field": "timestamp", "target_field": "log_time"}}, {"date": {"field": "log_time", "formats": ["dd/MM/yyyy HH:mm:ss"]}}]
D. [{"date": {"field": "timestamp", "formats": ["dd/MM/yyyy HH:mm:ss"]}}, {"rename": {"field": "log_time", "target_field": "timestamp"}}]
💡 Hint

Think about which field exists before and after rename.