Logstash可以将以下几行日志行转换为2条单独的日志行吗?
2020-05-20 00:06:38,685 [INFO] [45678] Begin Packet [ID:999999 S#123] ****
2020-05-20 00:06:38,685 [INFO] [45678] Event 1 of 2 : Sequence:100 SUBID:222222 Code:Working
2020-05-20 00:06:38,685 [INFO] [45678] Parameter Check = 45
2020-05-20 00:06:38,685 [INFO] [45678] Parameter Slap = 8080
2020-05-20 00:06:38,685 [INFO] [45678] Event 2 of 2 : Sequence:101 SUBID:333333 Code:Dancing
2020-05-20 00:06:38,685 [INFO] [45678] Parameter Poke = 60
2020-05-20 00:06:38,685 [INFO] [45678] Parameter Stab = 2424
结果:
2020-05-20 00:06:38,685 id:999999 s:123 event:1 sequence:100 subid:222222 code:Working check:45 slap:8080
2020-05-20 00:06:38,685 id:999999 s:123 event:2 sequence:101 subid:333333 code:Dancing poke:60 stab:2424
此相关事件块的时间戳始终是唯一的,因此我尝试使用聚合过滤器将它们组合在一起。但是我没有看到从结果中生成2个事件的方法,甚至找不到避免覆盖结果的方法。而不是仅仅推送它。