递归不适用于logstash的kv过滤器

时间:2019-04-20 10:12:03

标签: elasticsearch logstash elastic-stack logstash-grok logstash-configuration

我想知道kv过滤器中递归函数的用法。我正在使用一个csv文件。我使用logstash将文件上传到ES。从此链接https://www.elastic.co/guide/en/logstash/current/plugins-filters-kv.html#plugins-filters-kv-recursive

阅读指南之后

我知道它复制了键/值对,并将其存储在单独的键中。但是我无法获得有关过滤器的其他信息或示例。我在logstash配置文件中添加了递归行。没有变化。 它是使用值(键值对)复制字段,还是此函数在做什么?

这是我通过logstash传递的示例csv文件数据:

"host" => "smackcoders",
                  "Driveline" => "Four-wheel drive",
                       "Make" => "Jeep",
                      "Width" => "79",
                     "Torque" => "260",
                       "Year" => "2012",
                 "Horsepower" => "285",
                   "City_mpg" => "17",
                     "Height" => "34",
             "Classification" => "Manual,Transmission",
                 "Model_Year" => "2012 Jeep Wrangler",
    "Number_of_Forward_Gears" => "6",
                     "Length" => "41",
                "Highway_mpg" => "21",
                   "@version" => "1",
                    "message" => "17,\"Manual,Transmission\",Four-wheel drive,Jeep 3.6L 6 Cylinder 280 hp 260 lb-ft,Gasoline,34,21,285,False,2012 Jeep Wrangler Arctic,41,Jeep,2012 Jeep Wrangler,6,260,6 Speed Manual,79,2012",
                  "Fuel_Type" => "Gasoline",
                "Engine_Type" => "Jeep 3.6L 6 Cylinder 280 hp 260 lb-ft",
                       "path" => "/home/paulsteven/log_cars/cars.csv",
                     "Hybrid" => "False",
                         "ID" => "2012 Jeep Wrangler Arctic",
                 "@timestamp" => 2019-04-20T07:58:26.552Z,
               "Transmission" => "6 Speed Manual"
}

这是配置文件:

input {
   file {
      path => "/home/paulsteven/log_cars/cars.csv"
      start_position => "beginning"
      sincedb_path => "/dev/null"
   }
}
filter {
    csv {
        separator => ","
        columns => ["City_mpg","Classification","Driveline","Engine_Type","Fuel_Type","Height","Highway_mpg","Horsepower","Hybrid","ID","Length","Make","Model_Year","Number_of_Forward_Gears","Torque","Transmission","Width","Year"]
    }
    kv {
        recursive => "true"
    }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    index => "kvfilter1"
    document_type => "details"
  }
  stdout{}
}

1 个答案:

答案 0 :(得分:0)

找到了一些在kv过滤器中进行递归的示例:

input { generator { count => 1 message => 'foo=1,bar="foor=10,barr=11"' } }

filter {
    kv { field_split => "," value_split => "=" recursive => false }
}

会产生

   "foo" => "1",
   "bar" => "foor=10,barr=11",


input { generator { count => 1 message => 'foo=1,bar="foor=10,barr=11"' } }

filter {
    kv { field_split => "," value_split => "=" recursive => true }
}

会产生

       "foo" => "1",
       "bar" => {
    "foor" => "10",
    "barr" => "11"
},
相关问题
最新问题