Rabbitmq 将@metadata从日志存储发送到弹性搜索_Rabbitmq_Logstash_Logstash Configuration

Rabbitmq 将@metadata从日志存储发送到弹性搜索

rabbitmq logstash

Rabbitmq 将@metadata从日志存储发送到弹性搜索,rabbitmq,logstash,logstash-configuration,Rabbitmq,Logstash,Logstash Configuration,我有以下日志存储配置，我正在尝试将RabbitMQ头（存储在@metadata字段中）发送到ElasticSearch input { rabbitmq { auto_delete => false durable => false host => "my_host" port => 5672 queue => "my_queue" key => "#"

我有以下日志存储配置，我正在尝试将RabbitMQ头（存储在@metadata字段中）发送到ElasticSearch

input {
    rabbitmq {
        auto_delete => false
        durable => false
        host => "my_host"
        port => 5672
        queue => "my_queue"
        key => "#"      
        threads => 1
        codec => "plain"
        user => "user"
        password => "pass"
        metadata_enabled => true
    }
}

filter {
    ???
}

output {
    stdout { codec => rubydebug {metadata => true} }
    elasticsearch { hosts => localhost }
}

我可以在std输出中看到标题

{
    "@timestamp" => 2017-07-11T15:53:28.629Z,
     "@metadata" => {
           "rabbitmq_headers" => { "My_Header" => "My_value"
        },
        "rabbitmq_properties" => {
            "content-encoding" => "utf-8",
              "correlation-id" => "785901df-e954-4735-a9cf-868088fdac87",
                "content-type" => "application/json",
                    "exchange" => "My_Exchange",
                 "routing-key" => "123-456",
                "consumer-tag" => "amq.ctag-ZtX3L_9Zsz96aakkSGYzGA"
        }
    },
      "@version" => "1",
       "message" => "{...}"

是否有一些过滤器（grok、mutate、kv等）可以将这些值复制到发送到ElasticSearch的消息中的标记