Logstash解析字段问题
Logstash parse field issue
我有一个日志打印如下,
"message" => "....",
"host" => "10.10.12.13",
"@version" => "1",
"@timestamp" => "2016-04-13T01:52:43.535Z",
"DISMAN-EVENT-MIB::sysUpTimeInstance" => "22 days, 16:33:23.24",
"SNMP-MIB::OID_0" => "example::bgpPeerState",
"source_ip" => "10.10.12.13"
我想解析基于前缀 "specific" 的字符串并为此添加一个字段并删除原来的
"SNMP-MIB::OID_0" => "example::bgpPeerState"
它应该如下所示,
"message" => "....",
"host" => "10.10.12.13",
"@version" => "1",
"@timestamp" => "2016-04-13T01:52:43.535Z",
"type" => "snmptrap",
"DISMAN-EVENT-MIB::sysUpTimeInstance" => "22 days, 16:33:23.24",
"example" => "bgpPeerState",
"source_ip" => "10.10.12.13"
我的会议,
filter
{
if "example" in [SNMP-MIB::OID_0] {
# I don't how to parse it and add a field ???
}
else
{
.......
}
}
一如既往,非常感谢您的帮助!
使用kv过滤器:
filter {
if "example" in [SNMP-MIB::OID_0] {
kv {
source => "SNMP-MIB::OID_0"
value_split => ":"
trim => ":"
remove_field => "SNMP-MIB::OID_0"
}
}
}
}
我有一个日志打印如下,
"message" => "....",
"host" => "10.10.12.13",
"@version" => "1",
"@timestamp" => "2016-04-13T01:52:43.535Z",
"DISMAN-EVENT-MIB::sysUpTimeInstance" => "22 days, 16:33:23.24",
"SNMP-MIB::OID_0" => "example::bgpPeerState",
"source_ip" => "10.10.12.13"
我想解析基于前缀 "specific" 的字符串并为此添加一个字段并删除原来的
"SNMP-MIB::OID_0" => "example::bgpPeerState"
它应该如下所示,
"message" => "....",
"host" => "10.10.12.13",
"@version" => "1",
"@timestamp" => "2016-04-13T01:52:43.535Z",
"type" => "snmptrap",
"DISMAN-EVENT-MIB::sysUpTimeInstance" => "22 days, 16:33:23.24",
"example" => "bgpPeerState",
"source_ip" => "10.10.12.13"
我的会议,
filter
{
if "example" in [SNMP-MIB::OID_0] {
# I don't how to parse it and add a field ???
}
else
{
.......
}
}
一如既往,非常感谢您的帮助!
使用kv过滤器:
filter {
if "example" in [SNMP-MIB::OID_0] {
kv {
source => "SNMP-MIB::OID_0"
value_split => ":"
trim => ":"
remove_field => "SNMP-MIB::OID_0"
}
}
}
}