在Logstash中提取xpath值以有条件地创建新字段

时间:2018-02-13 20:52:31

标签: elasticsearch logstash logstash-configuration

我的xml文件的结构如下所示。我想提取xpath创建的字段的值,并在其上运行if else条件。在某种程度上,如果,如果station_name的值等于" Finch"然后创建一个新的领域并存储在其中。任何人都建议我如何实现这个

我想要实现的目标的编码版本

if "Finch" in [station_name] {
xpath => ["/station/name/text()","Ny_station"]
}
else {
xpath => ["/station/name/text()","nonNy_station"]
}

这是我的配置文件

input
{
file
{
path => "C:\Users\186181152\Downloads\stations3.xml"
start_position => "beginning"
sincedb_path => "/dev/null"
exclude => "*.gz"
type => "xml"
codec => multiline {
     pattern => "<stations>" 
     negate => "true"
     what => "previous"
}
}
}
filter
{
xml
{
source => "message"
store_xml => false
target => "stations"
xpath => [
"/stations/station/id/text()", "station_id",
"/stations/station/name/text()", "station_name"
]
}

}

output
{
elasticsearch
{
codec => json
hosts => "localhost"
index => "xmlns24"
}
stdout
{
codec => rubydebug
}

}

enter image description here

1 个答案:

答案 0 :(得分:1)

您可以在xml过滤器中使用if else循环。但是你可以在if else循环中使用两个xml过滤器,唯一的区别是xpath创建的变量。

这里它检查字符串var ObjectId = require('mongodb').ObjectID; //reserve a seat for a trip app.post('/api/trips/:trip/:passenger',function(req,res){ console.log('trip:'+req.params.trip) console.log('passenger:'+req.params.passenger) db.collection('Trips').update({'_id':ObjectId(req.params.trip)},{ $push: { "passengers": req.params.passenger }},function(err,res){ if(err) throw err console.log('reserved seat on the trip') }) res.send('Your seat has been reserved') }) 作为消息值的正则表达式模式,以决定使用哪个xml过滤器。

Finch
相关问题
最新问题