Logstash 日志存储解析字段问题_Logstash

Logstash 日志存储解析字段问题

logstash

Logstash 日志存储解析字段问题,logstash,Logstash,我的日志打印如下： "message" => "....", "host" => "10.10.12.13", "@version" => "1", "@timestamp" => "2016-04-13T01:52:43.535Z", "DISMAN-EVENT-MIB::sysUpTimeInstance" => "22 days, 16:33:23.24", "SNMP-MIB::OID_0" => "example::bgpPeerState", "

我的日志打印如下：

"message" => "....",
"host" => "10.10.12.13",
"@version" => "1",
"@timestamp" => "2016-04-13T01:52:43.535Z",
 "DISMAN-EVENT-MIB::sysUpTimeInstance" => "22 days, 16:33:23.24",
"SNMP-MIB::OID_0" => "example::bgpPeerState",
"source_ip" => "10.10.12.13"

我想解析基于前缀“specific”的字符串，并为此添加一个字段，然后删除原始字符串

“SNMP-MIB:：OID_0”=>“示例：：bgpeerState”

它应该如下所示

   "message" => "....",
 "host" => "10.10.12.13",
 "@version" => "1",
 "@timestamp" => "2016-04-13T01:52:43.535Z",
 "type" => "snmptrap",
 "DISMAN-EVENT-MIB::sysUpTimeInstance" => "22 days, 16:33:23.24",
 "example" => "bgpPeerState",
"source_ip" => "10.10.12.13"

我的确认

filter
 {
        if "example" in [SNMP-MIB::OID_0] {
               # I don't how to parse it and add a field  ???

              }
      else
      {
                 .......
       }

}

一如既往，非常感谢您的帮助

使用

kv

过滤器：

filter {
    if "example" in [SNMP-MIB::OID_0] {
        kv {
            source => "SNMP-MIB::OID_0"
            value_split => ":"
            trim => ":"
            remove_field => "SNMP-MIB::OID_0"
        }
    }
}

}

使用

kv

过滤器：

filter {
    if "example" in [SNMP-MIB::OID_0] {
        kv {
            source => "SNMP-MIB::OID_0"
            value_split => ":"
            trim => ":"
            remove_field => "SNMP-MIB::OID_0"
        }
    }
}

}