Elastichsearch转换文档格式

时间:2018-11-07 13:49:11

标签: elasticsearch elastic-stack

我使用的是麋鹿6.4.2,并且使用Java api,我每5分钟提取一次存储在metricbeat索引中的所有文档。

例如:

public static void CreateTable(string fileName)
{
    // Use the file name and path passed in as an argument 
    // to open an existing Word 2007 document.

    using (WordprocessingDocument doc
        = WordprocessingDocument.Open(fileName, true))
    {
        // Create an empty table.
        Table table = new Table();

        // Create a TableProperties object and specify its border information.
        TableProperties tblProp = new TableProperties(
            new TableBorders(
                new TopBorder()
                {
                    Val =
                    new EnumValue<BorderValues>(BorderValues.None),
                },
                new BottomBorder()
                {
                    Val =
                        new EnumValue<BorderValues>(BorderValues.None),
                },
                new LeftBorder()
                {
                    Val =
                        new EnumValue<BorderValues>(BorderValues.None),
                },
                new RightBorder()
                {
                    Val =
                        new EnumValue<BorderValues>(BorderValues.None),
                },
                new InsideHorizontalBorder()
                {
                    Val =
                        new EnumValue<BorderValues>(BorderValues.None),
                },
                new InsideVerticalBorder()
                {
                    Val =
                        new EnumValue<BorderValues>(BorderValues.None),
                }
            )
        );

        // Append the TableProperties object to the empty table.
        table.AppendChild<TableProperties>(tblProp);

        // Create a row.
        TableRow tr = new TableRow();

        // Create a cell.
        TableCell tc1 = new TableCell();

        // Specify the width property of the table cell.
        tc1.Append(new TableCellProperties(
            new TableCellWidth() { Type = TableWidthUnitValues.Dxa, Width = "2400" }));

        // Specify the table cell content.
        tc1.Append(new Paragraph(new Run(new Text("some text"))));

        // Append the table cell to the table row.
        tr.Append(tc1);

        // Create a second table cell by copying the OuterXml value of the first table cell.
        TableCell tc2 = new TableCell(tc1.OuterXml);

        // Append the table cell to the table row.
        tr.Append(tc2);

        // Append the table row to the table.
        table.Append(tr);

        // Append the table to the document.
        doc.MainDocumentPart.Document.Body.Append(table);
    }
}

我想配置Elasticsearch,使其以以下格式转换我获取的所有文档:

"system": {
   "core": {
      "nice": {
         "pct": 0
       },
       "system": {
          "pct": 0.0121
       },

或:

{
 "module": "system",
 "metric": "core",
 "value": 0,
},
{
 "module": "system",
 "metric": "system",
 "value": 0.0121,
 }

1 个答案:

答案 0 :(得分:0)

您需要使用 Logstash 重组显示为stdin()的传入数据,以通过ElasticSearch作为stdout()输出。查看图here,了解Logstash如何充当客户端和ES群集之间的隧道。

Logstash允许您通过在JSON树中创建新字段或过滤掉不必要的部分来更改字段。该语法看起来非常丑陋且难以学习,但是如果正确地考虑了所有规则,它应该将您的输入转换为所需的输出。您可以通过重命名,删除,合并,替换等here

进行更改

示例变异:

if "Invoice_IID" in [msg] {
 mutate {
  add_field => { "Invoice_IID" => "%{msg}" }
}
}

filter {
  mutate {
     copy => { "source_field" => "dest_field" }
  }
}

filter {
  mutate {
    # Renames the 'HOSTORIP' field to 'client_ip'
    rename => { "HOSTORIP" => "client_ip" }
  }
}
相关问题
最新问题