The createEvents() query function generates temporary
events as part of the query and is ideal for generating sample data for
testing or troubleshooting. It is regarded as an aggregator function and,
therefore, discards all incoming events and outputs the generated ones.
The events are generated with no extracted fields but
createEvents() can, advantageously, be combined with
one of the many parsers. For example, given raw strings in the format of
key-value pairs, the pairs can be parsed to fields using the
kvParse() function.
Function Traits: Aggregate
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
rawstring | string | optional | Specification of events to emit. Each event is given as a @rawstring which is not processed further. |
createEvents() Examples
Two temporary events can be generated as follows:
createEvents(["animal=dog weight=7.0", "animal=cat weight=4.2"])The generated output events are:
| @rawstring | @timestamp | @timestamp.nanos |
|---|---|---|
| animal=dog weight=7.0 | 2022-10-31 08:14:09 | 0 |
| animal=cat weight=4.2 | 2022-10-31 08:14:09 | 0 |
createEvents() can be combined with different
parsers to generate more interesting events, for example with
kvParse() or parseJson(). With
the key-value pair parser kvParse(), two temporary
events with two fields can be generated as follows:
createEvents(["animal=dog weight=7.0", "animal=cat weight=4.2"])
| kvParse()
The events are specified as a string of key-value pairs
(key=value), and parsed with
kvParse(). The generated output events are:
| @rawstring | @timestamp | @timestamp.nanos | animal | weight |
|---|---|---|---|---|
| animal=dog weight=7.0 | 2022-10-31 08:14:09 | 0 | dog | 7.0 |
| animal=cat weight=4.2 | 2022-10-31 08:14:09 | 0 | cat | 4.2 |
Similarly, createEvents() can be combined with
parseJson() to parse
@rawstring as JSON:
createEvents(["{\"animal\":{\"kind\":\"dog\", \"weight\":7.0}}", "{\"animal\":{\"kind\":\"cat\", \"weight\":4.2}}"])
| parseJson()The generated output events are:
| @rawstring | @timestamp | @timestamp.nanos | animal.kind | animal.weight |
|---|---|---|---|---|
| {"animal":{"kind":"dog", "weight":7.0}} | 2022-10-31 08:14:09 | 0 | dog | 7.0 |
| {"animal":{"kind":"cat", "weight":4.2}} | 2022-10-31 08:14:09 | 0 | cat | 4.2 |