堆栈内存溢出
  简体   繁体   English

在Logstash中使用变量键名访问嵌套的JSON值

[英]Accessing nested JSON Value with variable key name in Logstash

 原文  2015-10-06 06:10:36       json/ logstash

问题描述

I've got a question regarding JSON in Logstash. 我在Logstash中有一个关于JSON的问题。 I have got a JSON Input that looks something like this: 我有一个看起来像这样的JSON输入: 

{
"2": {
        "name": "name2",
        "state": "state2"
    },

"1": {
        "name": "name1",
        "state": "state1"
    },

"0": {
        "name": "name0",
        "state": "state0"
    }
}

Now, let's say I want to add a field in the logstash config 现在,假设我想在logstash配置中添加一个字段 

json{
    source => "message"
    add_field => {
            "NAME" => "%{ What to write here ?}"
            "STATE" => "%{ What to write here ?}"
    }
}

Is there a way to access the JSON Input such that I get a field Name with value name1, another field with name 2 and a third field with name 3. The first key in the JSON is changing, that means there can only be one or many more parts. 有没有办法访问JSON输入,以便我得到一个值为name1的字段名称,另一个名称为2的字段和一个名称为3的第三个字段.JSON中的第一个键是更改,这意味着只能有一个或更多的部分。 So I don't want to hardcode it like 所以我不想像它那样硬编码 

%{[0][name]}

Thanks for your help. 谢谢你的帮助。

1 个解决方案

解决方案1
 2 已采纳  2015-10-06 08:35:29

If you remove all new lines in your input you can simply use the json filter . 如果删除输入中的所有新行,则只需使用json过滤器即可 You don't need any add_field action. 您不需要任何add_field操作。

Working config without new lines: 没有新行的工作配置: 

filter {
        json { source => message }
}

If you can't remove the new lines in your input you need to merge the lines with the multiline codec . 如果无法删除输入中的新行,则需要将这些行与多行编解码器合并。

Working config with new lines: 使用新行进行工作配置: 

input {   
    file {
        path => ["/path/to/your/file"] # I suppose your input is a file.
        start_position => "beginning"
        sincedb_path => "/dev/null" # just for testing
        codec => multiline {
            pattern => "^}"
            what => "previous"
            negate => "true"
        }
    }
}

filter {
    mutate { replace => { "message" => "%{message}}" }  }
    json { source => message }
}

I suppose that you use the file input. 我想你使用文件输入。 In case you don't, just change it. 如果你不这样做,只需改变它。

Output (for both): 输出(两者): 

"2" => {
     "name" => "name2",
    "state" => "state2"
},
"1" => {
     "name" => "name1",
    "state" => "state1"
},
"0" => {
     "name" => "name0",
    "state" => "state0"
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 angular:使用变量键访问JSON值 - angular: accessing a JSON value using a variable key 访问嵌套的JSON值 - Accessing nested JSON value 从javascript中的json访问嵌套数组键,值 - accessing nested array key,value from json in javascript 在嵌套JSON中访问键的值,该键转换为python中的字典 - Accessing the value of a key in a nested JSON converted to a dictionary in python 访问JSON对象中的嵌套键 - Accessing nested key in JSON objects 使用香草JavaScript访问嵌套在JSON对象中的具有已知名称的属性的值 - Accessing the value of a property with a known name that is nested in a JSON object with vanilla JavaScript 将键名更改为嵌套 JSON 的键值结构 - Change the key name to be the key value structure of a nested JSON 访问JSON中的嵌套对象名称 - Accessing nested object name in JSON 使用变量键通过 jq 访问 JSON 值 - Accessing JSON value via jq using variable key 在logstash中,如何按json键和值过滤日志? - In logstash, How to filter logs by json key and value?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM