在Logstash输出中使用RabbitMQ字段
我想在Logstah Elasticsearch输出中使用RabbitMQ消息中的一些字段(如索引名等) 如果我在过滤器中使用在Logstash输出中使用RabbitMQ字段,rabbitmq,logstash,Rabbitmq,Logstash,我想在Logstah Elasticsearch输出中使用RabbitMQ消息中的一些字段(如索引名等) 如果我在过滤器中使用[@metadata][rabbitmq_properties][timestamp],它工作得很好,但在输出语句中却不行(下面的配置) 我做错了什么 input { rabbitmq { host => "rabbitmq:5672" user => "user" password => "pas
[@metadata][rabbitmq_properties][timestamp]input {
rabbitmq {
host => "rabbitmq:5672"
user => "user"
password => "password"
queue => "queue "
durable => true
prefetch_count => 1
threads => 3
ack => true
metadata_enabled => true
}
}
filter {
if [@metadata][rabbitmq_properties][timestamp] {
date {
match => ["[@metadata][rabbitmq_properties][timestamp]", "UNIX"]
}
}
}
output {
elasticsearch {
hosts => ['http://elasticsearch:9200']
index => "%{[@metadata][rabbitmq_properties][IndexName]}_%{+YYYY.MM.dd}"
}
stdout {codec => rubydebug}
}
使用如下所述的更换功能进行检查
input {
rabbitmq {
host => "rabbitmq:5672"
user => "user"
password => "password"
queue => "queue "
durable => true
prefetch_count => 1
threads => 3
ack => true
metadata_enabled => true
}
}
filter {
if [@metadata][rabbitmq_properties][timestamp] {
date {
match => ["[@metadata][rabbitmq_properties][timestamp]", "UNIX"]
}
}
mutate {
replace => {
"[@metadata][index]" => "%{[@metadata][rabbitmq_properties][IndexName]}_%{+YYYY.MM.dd}"
}
}
}
output {
elasticsearch {
hosts => ['http://elasticsearch:9200']
index => "%{[@metadata][index]}_%{+YYYY.MM.dd}"
}
stdout {codec => rubydebug}
}
你问的问题已经有了答案,这就是为什么我把它标记为可能的重复。正如在对链接问题的回答中所解释的,您必须为elasticsearch输出添加
manage\u template=>false