如何在logstash中创建条件字段?
[英]How to create a conditional field in logstash?
问题描述
I have a field called "Priority" which has integer values like 1 to 10. Here 1 is the lowest and 10 is the highest. 
我有一个名为“ Priority”的字段,该字段的整数值为1到10。这里1是最低的,而10是最高的。 How to show string values, rather than, numbers to make this field more understandable. 如何显示字符串值而不是数字,以使该字段更容易理解。 So new field should contain 3 values ie 因此,新字段应包含3个值,即
low ---> if priority lies in 1 to 3
Medium---> if priority lies in 4-7
high---->if priority lies in 8-10
2 个解决方案
解决方案1
3 2015-10-28 09:13:33
First of all, you need to assure that your priority value is of type int . 首先,您需要确保您的优先级值是int类型。 After that you can use logstash's conditionals to change the value into a string. 之后,您可以使用logstash的条件将值更改为字符串。
Example Configuration: 配置示例:
input { stdin {} }
filter {
grok { match => { "message" => [" %{NUMBER:priority:int}" ] } }
if [priority] < 4 {
mutate { replace => { "priority" => "low" } }
} else if [priority] < 8 {
mutate { replace => { "priority" => "medium" } }
} else {
mutate { replace => { "priority" => "high" } }
}
}
output {stdout { codec => rubydebug }}
Please note the grok filter which parses your number into a field of type int . 请注意grok过滤器 ,它将您的数字解析为int类型的字段。
%{NUMBER:priority:int}
That means, wherever you get your priority field from, you need to take care that it contains an int. 这意味着,无论从何处获得优先级字段,都需要注意它包含一个int。 Otherwise you could do this by comparing string values. 否则,您可以通过比较字符串值来做到这一点。
解决方案2
0 2015-10-28 17:00:47
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.