如何获取logstash中的字段值?
[英]how to get field value in logstash?
问题描述
from my output as below, 
从我的输出如下
"message" =>"<....... ",
"@version" => "1",
"@timestamp" => "2016-04-29T02:33:34.586Z",
"timestamp" => "Apr 29 10:30:37",
"syslog_severity_code" => 5,
"syslog_facility_code" => 1,
"syslog_facility" => "user-level",
"syslog_severity" => "notice"
i try to get the field value 我尝试获取字段值
filter
{
mutate {
add_field => {"newfield"=> "timestamp"}
}
but still cann't get the timestamp value to newfield it's will get 但仍然无法将时间戳记值传递给newfield
"newfield" => "newfield",
Is anyone is having the same problem or find a solution? 是否有人遇到相同的问题或找到解决方案? Any help is welcome to resolve this. 欢迎任何帮助解决此问题。
1 个解决方案
解决方案1
0 已采纳 2016-04-29 06:00:33
That`s easy,do it like this: 很简单,这样做:
filter
{
mutate {
add_field => ["newfield"=> "%{timestamp}"]
}
You can get : 你可以得到 :
"message" => "test it \b\b",
"@version" => "1",
"@timestamp" => "2016-04-28T09:16:56.934Z",
"host" => "bag",
"timestamp" => "Apr 29 10:30:37",
"new_field" => "Apr 29 10:30:37"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.