
logstash array of key value pairs

I am using logstash and I would like to know if there is a way to handle the following:

Using the xml filter I am able to extract a properties field

<?xml version="1.0"?>
<event logger="RemoteEventReceiver1" timestamp="2016-07-21T12:39:04.0607421-05:00" level="DEBUG" thread="26" domain="/LM/W3SVC/2/ROOT-1-131135962764935573" username="TOOTHLESS\dvdp4">
    <message>Test nessage</message>
    <properties>
        <data name="log4net:HostName" value="Toothless"/>
        <data name="log4net:Customer" value="Bob"/>
    </properties>
</event>

that looks like this

"properties" => [
    [0] {
        "data" => [
            [0] {
                 "name" => "HostName",
                "value" => "Toothless"
            },
            [1] {
                 "name" => "Customer",
                "value" => "Bob"
            }
        ]
    }
]

How can I convert it to this?

"propertiesParsed" => {
    "HostName" => "Toothless",
    "Customer" => "Bob"
}

* UPDATE ADDING CONFIG AND DATA FILE *

input {
    file {
        type => "log4net"
        path => ["D:/temp/MR4SPO.log"]
        start_position => "beginning"
        sincedb_path => "nul"
    }
}
filter 
{   
    mutate {
        # remove xml prefixes in the message field
        gsub => [ "message", "log4net:", "" ]
    }

    xml {
        source => "message"
        target => "log4net"
        add_field => {
            log4net_message => "%{[log4net][message]}"
            # "[log4net][messagetest]" => [log4net][message]
            # xxx => "%{[log4net][properties][0][data]}"
        }       
        remove_field => "message"
    }

    # get json message from log4net
    if [log4net_message] =~ "^LS:\s{" {
        ruby { code => "event['log4net_message'] = event['log4net_message'][3..-1]" }
        json { 
            source => "log4net_message" 
            # target => "log4net_json" 
        }
        mutate {
            add_field => { forMQ => true }
        }
    }

    mutate {
        remove_field => "log4net_message"
    }
}   

# output logs to console and to elasticsearch
output {
    if [forMQ] {
        stdout { codec => rubydebug }
    }

    # elasticsearch { hosts => ["localhost:9200"] }

}

* DATA FILE *

<log4net:event logger="SPMRDLAdd_InWeb.Services.RemoteEventReceiver1" timestamp="2016-07-21T12:39:03.0607421-05:00" level="DEBUG" thread="26" domain="/LM/W3SVC/2/ROOT-1-131135962764935573" username="TOOTHLESS\dvdp4"><log4net:message>My test one</log4net:message><log4net:properties><log4net:data name="log4net:HostName" value="Toothless" /></log4net:properties></log4net:event>
<log4net:event logger="SPMRDLAdd_InWeb.Services.RemoteEventReceiver1" timestamp="2016-07-21T12:39:04.0607421-05:00" level="DEBUG" thread="26" domain="/LM/W3SVC/2/ROOT-1-131135962764935573" username="TOOTHLESS\dvdp4"><log4net:message>LS: { "name" : "file123.jpg", "size" : 50 }</log4net:message><log4net:properties><log4net:data name="log4net:HostName" value="Toothless" /></log4net:properties></log4net:event>

You can add that ruby filter:

...
ruby {
    code => "
    event['propertiesParsed'] = {}
    for value in event['log4net']['properties']
        for data in value['data']
            event['propertiesParsed'][data['name']] = data['value']
        end
    end
    "
}
...
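
A defensive variant of the loop in the answer above, added here as an example and not part of the original answer: it skips missing or malformed `properties` entries instead of raising, so one bad log line does not end up as a `_rubyexception` event in the pipeline. The names `as_list`, `flatten_properties`, `strip_prefix` and `SAMPLE` are hypothetical, and the sample data is constructed from the question.

```ruby
# Added example, not code from the original answer. Plain Ruby, runs outside Logstash.

# Constructed sample: the shape the xml filter produced in the question.
SAMPLE = [
  { 'data' => [
    { 'name' => 'HostName', 'value' => 'Toothless' },
    { 'name' => 'Customer', 'value' => 'Bob' }
  ] }
].freeze

# Hypothetical helper: treat nil as empty and a lone element as a one-item list.
# (Kernel#Array is avoided because it would split a Hash into key/value pairs.)
def as_list(obj)
  return [] if obj.nil?
  obj.is_a?(Array) ? obj : [obj]
end

# Hypothetical helper: collapse [{ "data" => [{name, value}, ...] }] into
# { name => value }. Malformed entries are skipped instead of raising, because
# an exception inside a ruby filter leaves the event tagged _rubyexception.
def flatten_properties(properties, strip_prefix: 'log4net:')
  parsed = {}
  as_list(properties).each do |group|
    next unless group.is_a?(Hash)
    as_list(group['data']).each do |item|
      next unless item.is_a?(Hash)
      name = item['name'].to_s
      # The question's mutate/gsub already strips this prefix; handle it
      # here too in case that step is absent.
      name = name[strip_prefix.length..-1] if name.start_with?(strip_prefix)
      next if name.empty?
      parsed[name] = item['value'] # a repeated name overwrites, as in the answer
    end
  end
  parsed
end

# Inside a ruby filter on Logstash 5 or later, where the event API is
# event.get / event.set, the call would be:
#   event.set('propertiesParsed',
#             flatten_properties(event.get('[log4net][properties]')))

if __FILE__ == $PROGRAM_NAME
  p flatten_properties(SAMPLE)
end
```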
