如何使用logstash过滤器为此格式提取邮件数据

Question

我是过滤器和logstash的新手，这是我的日志消息格式

{
    "exception":"",
    "headers {},
    "code":"",
    "method":"main",
    "level":"INFO",
    "thread":1,
    "timeInMillis":1515624209119,
    "message":"The Server for Kubernetes has started",
    "body":"",
    "class":"kubernetes.operator.Main",
    "timestamp":"01- 10 - 2018T22: 43:29.119 + 0000"
}

你能帮我写一个logstash过滤器来将数据提取到单独的fild中吗？非常感谢你

Answer 1

如果您想在索引数据之前按摩数据，可以尝试使用ruby过滤器或聚合过滤器

filter {    
  ruby {
       code => "  
                  msg = event.get('message') + ' - additional information.'
                  map['message'] = msg

                  #you can also iterate through all the fields
                  event.to_hash.each do |key,value| 

                  end 

                 "
    }
}