嗨,我是一个新手来制作。目前我在解析结构化的json文件时遇到了一些问题:
data : {
some_other_tag: [
actual_data_1: {
something......
}
actual_data_2: {
something......
}
]
}
现在我只想获取所有的actual_data字段并使用elasticsearch对它们建立索引。怎么做?
我的Logstash conf现在就是这样:
input {
http_poller {
urls => {
some_name => {
url => "http://xxx.xxx.xxx.xxx"
}
}
type => "some_type"
request_timeout => 60
interval => 60
codec => json
}
}
filter {
/*what should I write here?*/
}
output {
elasticsearch {
index => "some_name"
}
stdout {
codec => rubydebug
}
}
stdout就像:
{
timestamp : xxxxxxx
version : xxxxxxx
data : {
some_other_tag: [
actual_data_1: {
something......
}
actual_data_2: {
something......
}
]
}
}
我想要的是:
{
actual_data1:{
timestamp:xxxx
version: xxx
some data.....
}
actual_data2:{
timestamp:xxxx
version: xxx
some data.....
}
}