Logstash使用键将字符串分解为数组

时间:2016-05-23 09:30:39

标签: logstash

这是我的管道输出:

"attributes" => "Width:150,200;Height:200;Size:L"

我想要输出:

"attributes" => [
    "Width"  => [
        150,
        200
    ],
    "Height" => 200,
    "Size"   => "L"
]

我尝试使用mutate过滤器

mutate {
    split => ["attributes", ";"]
}

以这种方式转换数据

"attributes" => [
    [0] "Width:150",
    [1] "Height:200"
    [2] "Size:L"
]

有没有办法通过logstash过滤器对其进行转换?

2 个答案:

答案 0 :(得分:3)

您可以使用kv过滤器:

kv {
    source => "attributes"
    field_split => ";"
    value_split => ":"
    target => "attributes"
}

ruby {
    # splits all fields so all fields are array
    code => "event['attributes'].each do |cusField| event['attributes'][cusField[0]] = cusField[1].split(',') end"
    # splits only if field contains ','
    # code => "event['attributes'].each do |cusField| event['attributes'][cusField[0]] = cusField[1].split(',') if cusField[1].include? ',' end"
}

答案 1 :(得分:-1)

您可以直接使用拆分

 filter {
      split {
            field => "attributes"
          }
      }

以下是文件: https://www.elastic.co/guide/en/logstash/5.2/plugins-filters-split.html#plugins-filters-split-remove_field

相关问题
最新问题