Mysql 提取Logstash中的特定键和值_Mysql_Json_Logstash

Mysql 提取Logstash中的特定键和值

mysql json logstash

Mysql 提取Logstash中的特定键和值,mysql,json,logstash,Mysql,Json,Logstash,我使用Logastash从mysql收集数据。Json结果看起来： "_source" : { "username" : "room_test@localhost", "timestamp" : 1481785195811703, "peer" : "user@localhost/1596084304715518942270426", "bare_peer" : "user@localhost",

我使用Logastash从mysql收集数据。Json结果看起来：

 "_source" : {
            "username" : "room_test@localhost",
            "timestamp" : 1481785195811703,
            "peer" : "user@localhost/1596084304715518942270426",
            "bare_peer" : "user@localhost",
            "xml" : "<message to='room_test1481784717020@localhost' type='groupchat' from='user@localhost'><body>msg</body><jid>456-345</jid></message>",
            "txt" : "msg",
            "id" : 6452,
            "kind" : "groupchat",
            "nick" : "user",
            "created_at" : "2016-12-15T06:59:55.000Z",
            "@version" : "1",
            "@timestamp" : "2017-02-25T12:17:52.043Z"
          }

我需要从xml键中提取值作为单独的值。就像这个jid:456-345

谢谢你，格罗克能处理这件事

grok {
  match => {
    "xml" => "<jid>(?<jid>[-0-9]{4,9})</jid>"
  }
}

这将创建一个与您提供的值相等的jid字段。XML中JID标记中的值的长度可以在4到9个字符之间。根据需要进行调整