我有以下logstash配置,我正在尝试将RabbitMQ标头(存储在@metadata字段中)发送到ElasticSearch
input {
rabbitmq {
auto_delete => false
durable => false
host => "my_host"
port => 5672
queue => "my_queue"
key => "#"
threads => 1
codec => "plain"
user => "user"
password => "pass"
metadata_enabled => true
}
}
filter {
???
}
output {
stdout { codec => rubydebug {metadata => true} }
elasticsearch { hosts => localhost }
}
我可以在std输出中看到标题
{
"@timestamp" => 2017-07-11T15:53:28.629Z,
"@metadata" => {
"rabbitmq_headers" => { "My_Header" => "My_value"
},
"rabbitmq_properties" => {
"content-encoding" => "utf-8",
"correlation-id" => "785901df-e954-4735-a9cf-868088fdac87",
"content-type" => "application/json",
"exchange" => "My_Exchange",
"routing-key" => "123-456",
"consumer-tag" => "amq.ctag-ZtX3L_9Zsz96aakkSGYzGA"
}
},
"@version" => "1",
"message" => "{...}"
是否有一些过滤器(grok,mutate,kv等)可以将这些值复制到发送给ElasticSearch的消息中的标签?