堆栈内存溢出
  简体   繁体   English

使用logstash解析json数组字符串

[英]parse json array string using logstash

 原文  2019-08-21 20:58:23       elasticsearch/ logstash/ logstash-configuration

问题描述

I want to parse this json using logstash. 我想使用logstash解析此json。

{"name":"bob","last":"builder", "atts":"{\\"a\\":111, \\"b\\":222}"} {“ name”:“ bob”,“ last”:“ builder”,“ atts”:“ {\\” a \\“:111,\\” b \\“:222}”}

{ "name" => "bob", "last" => "builder" "atts" => { "a" => 111, "b" => 222} } {“ name” =>“ bob”,“ last” =>“ builder”“ atts” => {“ a” => 111,“ b” => 222}}

1 个解决方案

解决方案1
 2 已采纳  2019-08-21 23:19:06

Two options! 两种选择!

Parsing JSON using Logstash 使用Logstash解析JSON

If you want to parse JSON using logstash- would refer to the logstash plugin here: 如果要使用logstash-解析JSON,请在此处参考logstash插件:

https://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html https://www.elastic.co/guide/zh-CN/logstash/current/plugins-filters-json.html

To achieve this- you'd be toying with the filter part of your logstash.conf: 要实现这一点,您将需要使用logstash.conf的过滤器部分: 

filter {
   json {
     source => "message"
   }
}

there are more examples of json decoding in that link. 该链接中有更多json解码的示例。

Parsing JSON using Filebeat 使用Filebeat解析JSON

Your other option would be to decode json on the filebeat side before it gets into logstash. 您的另一个选择是在文件拍子端解码json,然后将其转换为logstash。 Relevant links: 相关链接:

https://www.elastic.co/guide/en/beats/filebeat/current/decode-json-fields.html https://www.elastic.co/guide/zh-CN/beats/filebeat/current/decode-json-fields.html

https://discuss.elastic.co/t/parse-json-data-with-filebeat/80008/5 https://discuss.elastic.co/t/parse-json-data-with-filebeat/80008/5

https://discuss.elastic.co/t/parse-json-data-with-filebeat/80008/7 https://discuss.elastic.co/t/parse-json-data-with-filebeat/80008/7

https://discuss.elastic.co/t/how-to-read-json-file-using-filebeat-and-send-it-to-elasticsearch/91802 https://discuss.elastic.co/t/how-to-read-json-file-using-filebeat-and-send-it-to-elasticsearch/91802

Here's a sample filebeat.yml for this situation: 这是用于这种情况的样本filebeat.yml: 

filebeat.inputs:
  - type: log
    paths:
      - 'path to the log directory you want to track'
    enter code here
    input_type: log
    json.keys_under_root: true
    json.add_error_key: true
    fields:
        log_type: 'type of log'

    processors:
    - decode_json_fields:
        fields: ["message"]
        process_array: true

    - add_tags:
        tags:
            - 'tag in elastic'

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

setup.template.settings:
  index.number_of_shards: 1

output.logstash:
  # The Logstash hosts
  hosts: ["where logstash is running"]
  index: 'your index'

  codec.json:
    pretty: true
    escape_html: false

#================================ Processors =====================================
# Configure processors to enhance or manipulate events generated by the beat.
processors:
- decode_json_fields:
    fields: ["message"]
    process_array: true

json.keys_under_root: true
json.add_error_key: true

and 

processors:
    - decode_json_fields:
        fields: ["message"]
        process_array: true

does the trick. 绝招。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Logstash中分解json数组字符串 - Decompose json array string in Logstash 在Logstash中使用grok解析具有数组的多行JSON - Parse Multiline JSON with Arrays using grok in logstash 如何使用Grok在Logstash中解析日志字符串? - How to parse a log string in Logstash using Grok? Logstash:从数组到字符串的XML到JSON输出 - Logstash: XML to JSON output from array to string Logstash json解析 - Logstash json parse 在logstash中解析嵌套的json - Parse nested json in logstash Logstash-JSON解析列表 - Logstash - JSON parse list Logstash不解析json - Logstash does not parse json 将JSON嵌套字符串数组转换为平面字符串logstash - Convert a json nested string array to a flat string logstash 如何使用logstash(grok)解析以下字符串? - How can I parse the following string using logstash (grok)?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM