Warning: file_get_contents(/data/phpspider/zhask/data//catemap/6/ant/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
<img src="//i.stack.imgur.com/RUiNP.png" height="16" width="18" alt="" class="sponsor tag img">elasticsearch 使用Logstah和XPath处理嵌套对象_<img Src="//i.stack.imgur.com/RUiNP.png" Height="16" Width="18" Alt="" Class="sponsor Tag Img">elasticsearch_Xpath_Logstash - Fatal编程技术网 elasticsearch 使用Logstah和XPath处理嵌套对象,elasticsearch,xpath,logstash,elasticsearch,Xpath,Logstash" /> elasticsearch 使用Logstah和XPath处理嵌套对象,elasticsearch,xpath,logstash,elasticsearch,Xpath,Logstash" />
Fatal编程技术网
  • elasticsearch/
  • elasticsearch 使用Logstah和XPath处理嵌套对象

elasticsearch 使用Logstah和XPath处理嵌套对象

xpath logstash

elasticsearch 使用Logstah和XPath处理嵌套对象,elasticsearch,xpath,logstash,elasticsearch,Xpath,Logstash,我有一个XML结构 <Event> <Core Id="10233" /> <Parameters> <Parameter EngValue="1.0" DecValue="1.0" /> <Parameter EngValue="GCOM" /> <Parameter EngValue="1.0" DecValue="1.0" /> </Parameters> &

我有一个XML结构

<Event>
  <Core Id="10233" />
  <Parameters>
      <Parameter EngValue="1.0" DecValue="1.0" />
      <Parameter EngValue="GCOM" />
      <Parameter EngValue="1.0" DecValue="1.0" />
  </Parameters>
</Event>
使用XML筛选器,我尝试了:

xpath => [
    "/Event/Core/@Id", "CoreID",
    "/Event/Parameters/Parameter/@DecValue", "[Parameter][DecValue]",
    "/Event/Parameters/Parameter/@EngValue", "[Parameter][EngValue]",
]
但到目前为止,我只知道:

{
  "CoreID" : "10233",
  "Parameter" : {
      "EngValue" : ["1.0", "GCOM", "1.0"],
      "DecValue" : ["1.0", "1.0"]
    }
}
如何将“参数”设置为数组而不是其属性

我尝试使用Ruby过滤器来创建“Parameter”对象。但是在XML过滤器之后(即当我的Ruby过滤器开始时),我必须“加入”数组
“EngValue”:[“1.0”、“GCOM”、“1.0”]
“DecValue”:[“1.0”、“1.0”]

问题是,对于“EngValue”的每个元素,我不知道“DecValue”中对应的元素。

如果您不介意使用ruby,我建议如下:

filter {
  xml {
    source => "message"
    target => "parsed"
  }

  ruby {
      code => '
        event.set("Parameter", event.get("[parsed][Parameters][0][Parameter]"))
        event.set("CoreId", event.get("[parsed][Core][0][Id]"))
      '
  }


  mutate {
    remove_field => ["message", "parsed"]
  }
}
应输出:

{
    "@timestamp" => 2017-08-29T13:45:46.112Z,
      "@version" => "1",
          "host" => "my-host",
     "Parameter" => [
        [0] {
            "DecValue" => "1.0",
            "EngValue" => "1.0"
        },
        [1] {
            "EngValue" => "GCOM"
        },
        [2] {
            "DecValue" => "1.0",
            "EngValue" => "1.0"
        }
    ],
        "CoreId" => "10233"
}

{
    "@timestamp" => 2017-08-29T13:45:46.112Z,
      "@version" => "1",
          "host" => "my-host",
     "Parameter" => [
        [0] {
            "DecValue" => "1.0",
            "EngValue" => "1.0"
        },
        [1] {
            "EngValue" => "GCOM"
        },
        [2] {
            "DecValue" => "1.0",
            "EngValue" => "1.0"
        }
    ],
        "CoreId" => "10233"
}