Feature Request: type conversion pipeline functions for lists

[tellistone]

What?

Way to convert a list of strings to a list of doubles/numbers. The customer requests a change to to_double, but actual implementation may require a different function completely.

Intended Purpose:

Converting lists of the wrong type to lists of the right type to prevent indexing errors. Conversion of lists is currently only possible with some regex hacks. OpenSearch will take a list of the right type, if it is identifiable as the right type or directly convertible to the right one. With strings and numbers this is not the case. Customer had to implement separate pipeline-rules for the cases of no elements, one element and multiple elements.

Expected Outcome:

With to_double as an example Customer expects the following: to_double(["123","123","123"]) → [123.0,123.0,123.0] to_double(["123"]) → 123.0 (no brackets or will get indexing errors) to_double([]) → 0.0 It would be useful to have a default value, such as 0.0 here, to prevent fields from getting removed in pipeline rules due to not having a value. They eventually did it with regex and had the OpenSearch do the rest but they'd really like the conversion functions to also consistent lists and have them convert the elements.

**Why?

Business Impact:**

Customer had this problem solved with regex and 3 pipeline rules. They would like to have this in the “first parsing”-rule on the input, since it was shown that lists could be used for things such as Tags. Becoming more relevant than ever for them and having to implement inefficient, ad-hoc solutions such as theirs is probably not very appealing to a lot of, especially newer, customers.

Your Environment

Graylog Version: 6.0.7

[coffee-squirrel]

Seems similar to #11438, which was created based upon our request to be able to split a string (X-Forwarded-For) into an array and convert its elements to IPs.