Plugins Logstash-使用记忆插件

尝试像这样使用“记忆”插件：

            if [message] =~ /matching event/ {

                grok {
                    match => [ "message", "%{mymatch:datetime}" ]
                }

                memorize {
                    field => [datetime]
                }
            }

            if [message] =~ /another event/ {
                mutate {
                    add_field => {
                        datetime => "%{datetime}"
                    }
                }
            }

正在添加名为datetime的字段，但它只包含文本“%{datetime}”。很明显，我使用的插件不正确。有人能建议如何引用记忆值吗

---

谢谢。

插件的工作方式如下：

        if [message] =~ /matching event/ {
            grok {
                match => [ "message", "%{mymatch:datetime}" ]
            }
        }
        # either save the datetime or add it based on last value
        memorize {
           field => 'datetime'
           default => '00:00:00'
        }

        if [message] =~ /another event/ {
            # datetime has already been added based on the above line
        }

---

字段=>'datetime'而不是字段=>'datetime'