解析Logstash中的嵌套JSON字符串
我以json格式登录到logstash, 我的日志有以下字段,每个字段都是字符串,解析Logstash中的嵌套JSON字符串,logstash,Logstash,我以json格式登录到logstash, 我的日志有以下字段,每个字段都是字符串,atts字段是字符串化的json(注意:atts子字段每次都不同) 以下是一个例子: {“name”:“bob”,“last”:“builder”,“atts”:“{\“a\”:111,\“b\”:222} 我想将其解析为如下内容: { "name" => "bob", "last" => "builder" "atss" => { "a"
attsatts{“name”:“bob”,“last”:“builder”,“atts”:“{\“a\”:111,\“b\”:222} {
"name" => "bob",
"last" => "builder"
"atss" => {
"a" => 111,
"b" => 222}
}
input { stdin { } }
filter {
json {
source => "message"
target => "parsed"
}
}
output { stdout { codec => rubydebug }}
{
"@timestamp" => 2017-04-05T12:19:04.090Z,
"parsed" => {
"atss" => "{\"a\":111, \"b\":222}",
"name" => "bob",
"last" => "the builder"
},
"@version" => "1",
"host" => "0.0.0.0"
}
atts{
"@timestamp" => 2017-04-05T12:19:04.090Z,
"parsed" => {
"atss" =>
{"a" => 111,
"b" => 222},
"name" => "bob",
"last" => "the builder"
},
"@version" => "1",
"host" => "0.0.0.0"
}
有一个
jsonjson {
source => "[parsed][atss]"
target => "[parsed][newfield]"
}
我不确定你是否能把atss作为新的领域。它可能会也可能不会起作用。如果没有,请使用
mutate删除\u字段重命名\u字段input {
stdin { }
}
filter {
json {
source => "message"
target => "message"
}
json {
source => "[message][atts]"
target => "[message][atts]"
}
}
output { stdout { codec => rubydebug }}
截至2020年8月5日,在logstash 7.8.0中,JSON过滤器现在解析嵌套字符串。
我将以下字符串存储在Postgres列中,我们称之为“column-1” 我的json过滤器如下所示
json {
source => "column-1"
target => "column-1"
}
与公认的答案不同的是,现在我们只需要一个json过滤器,而不是多个。谢谢!你能看到我贴出的答案吗?有没有办法把过滤器全部写在
jsonfilter{json{source=>“message”target=>“message”source=>“[message][atts]”“target=>“[message][atts]”}}json {
source => "column-1"
target => "column-1"
}