来自RabbitMQ的Logstash JSON解析
我从RabbitMQ收到以下消息,我认为从RabbitMQ接收到的JSON具有BOM来自RabbitMQ的Logstash JSON解析,json,parsing,
elasticsearch,logstash,Json,Parsing,
elasticsearch,Logstash,我从RabbitMQ收到以下消息,我认为从RabbitMQ接收到的JSON具有BOM {"ID":"811b7858-a926-479f-939a-2b0ab17de855","Name":"Johnson","Age": "30", "Work":"Engineer","Timestamp":"4/13/2015 10:53:29 AM"} 当我将其保存到Elastic search时,我得到如下结果: { "_index": "logstash-2015.04.13", "_type":
{"ID":"811b7858-a926-479f-939a-2b0ab17de855","Name":"Johnson","Age": "30", "Work":"Engineer","Timestamp":"4/13/2015 10:53:29 AM"}
当我将其保存到Elastic search时,我得到如下结果:
{
"_index": "logstash-2015.04.13",
"_type": "logs",
"_id": "AUyxO4R8g98unoWRM4eU",
"_version": 1,
"_score": 1,
"_source": {
"message": "{"ID":"811b7858-a926-479f-939a-2b0ab17de855",","Name":"Johnson","Age": "30", "Work":"Engineer","Timestamp":"4/13/2015 10:53:29 AM"}",
"@version": "1",
"@timestamp": "2015-04-13T05:23:29.935Z",
"type": "Employees"
}
}
但我想把它们作为
{
"_index": "logstash-2015.04.13",
"_type": "logs",
"_id": "AUyxO4R8g98unoWRM4eU",
"_version": 1,
"_score": 1,
"_source": {
"ID":"811b7858-a926-479f-939a-2b0ab17de855",
"Name":"Johnson",
"Age": "30",
"Work":"Engineer",
"Timestamp":"4/13/2015 10:53:29 AM"
"@version": "1",
"@timestamp": "2015-04-13T05:23:29.935Z",
"type": "Employees"
}
}
我尝试了json过滤器。但它不起作用。您可以尝试使用json过滤器进行日志存储,它将消息字符串转换为json格式
filter {
json {
source => "message"
remove_field => ["message"]
}
}
消息字段的开头真的有问号吗?没有,我想是在这里复制粘贴时添加的。更新了post,json过滤器应该可以正常工作。你的过滤器是什么样子的?会发生什么?日志中有什么有趣的地方吗?您可能需要使用-verbose或-debug来打开日志级别?json编解码器也应该工作得很好。我认为json有BOM,当我复制粘贴到notepad++中时,它会显示问号,有没有办法删除logstash中的BOM?是的,您应该能够使用。那么问题又是什么呢?BOM实际上是您从RabbitMQ获得的消息的一部分吗?请相应地调整问题。