我有以下Json语法
{"result": {
"entities": {
"SERVICE-CCC89FB0A922657A": "service1",
"SERVICE-D279F46CD751424F": "service2",
"SERVICE-7AB760E70FCDCA18": "service3",
},
"dataPoints": {
"SERVICE-CCC89FB0A922657A": [
[
1489734240000,
1101.0
],
[
1489734300000,
null
]
],
"SERVICE-7AB760E70FCDCA18": [
[
1489734240000,
4080800.5470588235
],
[
1489734300000,
null
]
],
"SERVICE-D279F46CD751424F": [
[
1489734240000,
26677.695652173912
],
[
1489734300000,
null
]
]
}
},
"@timestamp": "2017-03-17T07:05:37.531Z",
"data": "data",
"@version": "1"
}
我想更改以下内容并在elasticsearch中输入。
{"@timestamp": "2017-03-17T07:05:37.531Z",
"data": "data",
"@version": "1",
"data" : {
"service1",: [
[
1489734240000,
1101.0
],
[
1489734300000,
null
]
],
"service3" : [
[
1489734240000,
4080800.5470588235
],
[
1489734300000,
null
]
],
"service2": [
[
1489734240000,
26677.695652173912
],
[
1489734300000,
null
]
]
}
}
这是当前logstash配置文件的内容。
input {
http_poller {
urls => {
test => {
method => get
url => "https://xxxx.com"
headers => {
Accept => "application/json"
}
}
}
request_timeout => 60
schedule => { every => "60s" }
codec => "plain"
}
}
filter {
json{
source => "message"
remove_field => ["[result][aggregationType]","message"]
}
# translate{
# }
# mutate{
# }
# ruby{
# }
}
output {
stdout {
codec => rubydebug {
#metadata => true
}
}
elasticsearch {
hosts => ["http://192.168.0.36:9200"]
}
}
我刚刚使用了elasticsearch,我不知道如何实现使用哪种过滤器。 我想知道是否有可能实现mutate过滤器重命名的内容。 或者我应该使用ruby过滤器实现代码吗?
实体可能会使用ruby过滤器进行排列,以匹配dataPoints的SERVICE- * s。 但是,很难处理Ruby代码。
我希望你能帮助我。
谢谢。
答案 0 :(得分:0)
以下是几个过滤器用于logstash ...
https://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html