
elasticsearch Logstash: handling a special log format


Is there any Logstash filter that can be used to process this log format?

Input log -

apple=1 | banana= 3 | mango=5

The output of the filter would look like this -

{
    "apple": "1"
    "banana": "3"
    "banana": "5"
}

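Note: the number of keys and values in the input log may vary randomly, e.g. 3 in the first log and 5 in the last log.

Yes, you can use the kv Logstash filter. Just add this filter to your configuration: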

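filter {
   # ... your other filters ...
   kv {
      source => "your_field"      # field holding the raw "k=v | k=v" string
      field_split => "|"          # pairs are separated by "|"
      value_split => "="          # key and value are separated by "="
      trim_key => "\s"            # strip whitespace around keys
      trim_value => "\s"          # strip whitespace around values
   }
}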
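
An added example, not part of the original answer and not Logstash's own code: a Python approximation of the split-and-trim settings above. It shows that the number of pairs does not matter, that a repeated key (like "banana" in the question's expected output) becomes a list of values, as kv does by default, and that tokens without a key=value shape are dropped. The names `kv_parse` and `SAMPLES`, the `include_keys` allow-list parameter (named after the kv option) and every sample line except the first are constructed for illustration.

```python
import re

def kv_parse(message, field_split="|", value_split="=", trim=r"\s",
             include_keys=None):
    """Approximate the answer's kv settings (assumes single-character
    delimiters): split pairs, split key/value on the first value_split,
    then trim the given character class from both ends."""
    strip = re.compile(f"^[{trim}]+|[{trim}]+$")
    event = {}
    for token in message.split(field_split):
        key, sep, value = token.partition(value_split)
        key, value = strip.sub("", key), strip.sub("", value)
        if not sep or not key or not value:
            continue  # no key=value shape, or empty key/value: dropped
        if include_keys is not None and key not in include_keys:
            continue  # allow-list: keep only the fields you expect
        if key in event:
            # Repeated key: collect the values in a list instead of
            # silently overwriting the earlier one.
            prev = event[key]
            event[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            event[key] = value
    return event

# First line is the question's input; the rest are constructed samples.
SAMPLES = [
    "apple=1 | banana= 3 | mango=5",
    "apple=1 | banana=3 | mango=5 | tiger=7 | elephant=1",
    "apple=1 | banana=3 | banana=5",
    "apple=1 | garbage | =9 | mango=5",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:55} -> {kv_parse(line)}")
    # With an allow-list, unexpected keys never reach the event.
    print(kv_parse("apple=1 | debug=on", include_keys={"apple"}))
```
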

Cool, glad I could help.

Hi Val, can you check this?
{
    "apple": "1"
    "banana": "3"
    "banana": "5"
    "tiger": "7"
    "elepnat": "1"
}