Support Fixed length extraction

[ph]

Take the following stringA0118, The A represents the message class, the 01 is the month and 18 is the day. In the current dissect syntax there is no way to define fixed length keys, theses extraction should be O(n).

Suggested syntax:

`%{foobar*N} 

where N is a positive number for the number of chars to extract for the key.

[jakelandis]

+1 to adding the ability for fixed length keys.

I would suggest to use # to avoid overloading the * modifier

%{foobar#N}

for example:

%{+foobar/2#5->} 

[ph]

yes # seems to be a more appropriate choice and acts as a mnemonic.

[ycombinator]

Hi @ph @jakelandis It looks like a community user is trying to address this enhancement via elastic/beats#17191. I'm not familiar with this repo so I have a couple of questions:

1. I imagine it's okay to implement this enhancement in the Beats dissect processor even if it isn't also implemented in the Logstash and Ingest Node ones. That is, I assume it's okay to proceed with reviewing and accepting the community contribution PR I linked to above?

2. (Assuming the answer to 1. is yes) If/when Support Fixed length extraction beats#17191 is merged, do we also want a PR to this repo here, updating the README with the relevant syntax enhancements?

3. Finally, I assume we want to leave this issue here open even after Support Fixed length extraction beats#17191 is merged?

[ph]

@ycombinator thanks for the ping on that, @vjsamuel did message me for that because the PR is created from a colleague at eBay and I had an early previous of the diff, I believe what you are proposing is OK, accept that PR get it merged and update the documentation in this repository to reflect the change and keep the issue open on this repository until all implementation is done.

@jakelandis and @jsvd can you take the lead to create the issues for the implementation in Elasticsearch and Logstash?

[ph]

Looking at the tests I think its safe addition to our syntax.

[jakelandis]

ES issue logged: elastic/elasticsearch#55273