如何获取logstash中的字段值?
how to get field value in logstash?
从我的输出如下,
"message" =>"<....... ",
"@version" => "1",
"@timestamp" => "2016-04-29T02:33:34.586Z",
"timestamp" => "Apr 29 10:30:37",
"syslog_severity_code" => 5,
"syslog_facility_code" => 1,
"syslog_facility" => "user-level",
"syslog_severity" => "notice"
我尝试获取字段值
filter
{
mutate {
add_field => {"newfield"=> "timestamp"}
}
但仍然无法获取到newfield的时间戳值
它会得到
"newfield" => "newfield",
是否有人遇到同样的问题或找到了解决方案?
欢迎任何帮助来解决这个问题。
这很简单,像这样做:
filter
{
mutate {
add_field => ["newfield"=> "%{timestamp}"]
}
您可以获得:
"message" => "test it \b\b",
"@version" => "1",
"@timestamp" => "2016-04-28T09:16:56.934Z",
"host" => "bag",
"timestamp" => "Apr 29 10:30:37",
"new_field" => "Apr 29 10:30:37"
从我的输出如下,
"message" =>"<....... ",
"@version" => "1",
"@timestamp" => "2016-04-29T02:33:34.586Z",
"timestamp" => "Apr 29 10:30:37",
"syslog_severity_code" => 5,
"syslog_facility_code" => 1,
"syslog_facility" => "user-level",
"syslog_severity" => "notice"
我尝试获取字段值
filter
{
mutate {
add_field => {"newfield"=> "timestamp"}
}
但仍然无法获取到newfield的时间戳值 它会得到
"newfield" => "newfield",
是否有人遇到同样的问题或找到了解决方案? 欢迎任何帮助来解决这个问题。
这很简单,像这样做:
filter
{
mutate {
add_field => ["newfield"=> "%{timestamp}"]
}
您可以获得:
"message" => "test it \b\b",
"@version" => "1",
"@timestamp" => "2016-04-28T09:16:56.934Z",
"host" => "bag",
"timestamp" => "Apr 29 10:30:37",
"new_field" => "Apr 29 10:30:37"