elasticsearch,logstash,Json,Parsing,elasticsearch,Logstash" /> elasticsearch,logstash,Json,Parsing,elasticsearch,Logstash" />
Fatal编程技术网
  • json/
  • 来自RabbitMQ的Logstash JSON解析

来自RabbitMQ的Logstash JSON解析

json parsing logstash

来自RabbitMQ的Logstash JSON解析,json,parsing,elasticsearch,logstash,Json,Parsing,elasticsearch,Logstash,我从RabbitMQ收到以下消息,我认为从RabbitMQ接收到的JSON具有BOM {"ID":"811b7858-a926-479f-939a-2b0ab17de855","Name":"Johnson","Age": "30", "Work":"Engineer","Timestamp":"4/13/2015 10:53:29 AM"} 当我将其保存到Elastic search时,我得到如下结果: { "_index": "logstash-2015.04.13", "_type":

我从RabbitMQ收到以下消息,我认为从RabbitMQ接收到的JSON具有BOM

{"ID":"811b7858-a926-479f-939a-2b0ab17de855","Name":"Johnson","Age": "30", "Work":"Engineer","Timestamp":"4/13/2015 10:53:29 AM"}
当我将其保存到Elastic search时,我得到如下结果:

{
"_index": "logstash-2015.04.13",
"_type": "logs",
"_id": "AUyxO4R8g98unoWRM4eU",
"_version": 1,
"_score": 1,
"_source": {
    "message": "{"ID":"811b7858-a926-479f-939a-2b0ab17de855",","Name":"Johnson","Age": "30", "Work":"Engineer","Timestamp":"4/13/2015 10:53:29 AM"}",
    "@version": "1",
    "@timestamp": "2015-04-13T05:23:29.935Z",
    "type": "Employees"
    }
}
但我想把它们作为

{
"_index": "logstash-2015.04.13",
"_type": "logs",
"_id": "AUyxO4R8g98unoWRM4eU",
"_version": 1,
"_score": 1,
"_source": {
    "ID":"811b7858-a926-479f-939a-2b0ab17de855",
    "Name":"Johnson",
    "Age": "30",
    "Work":"Engineer",
    "Timestamp":"4/13/2015 10:53:29 AM"
    "@version": "1",
    "@timestamp": "2015-04-13T05:23:29.935Z",
    "type": "Employees" 
    }
}
我尝试了json过滤器。但它不起作用。

您可以尝试使用json过滤器进行日志存储,它将消息字符串转换为json格式

filter {
  json {
    source => "message"
    remove_field => ["message"]
  }
}
消息字段的开头真的有问号吗?没有,我想是在这里复制粘贴时添加的。更新了post,json过滤器应该可以正常工作。你的过滤器是什么样子的?会发生什么?日志中有什么有趣的地方吗?您可能需要使用-verbose或-debug来打开日志级别?json编解码器也应该工作得很好。我认为json有BOM,当我复制粘贴到notepad++中时,它会显示问号,有没有办法删除logstash中的BOM?是的,您应该能够使用。那么问题又是什么呢?BOM实际上是您从RabbitMQ获得的消息的一部分吗?请相应地调整问题。