以下是实例
原始数据:
{"countnum":2,"checktime":"2017-05-23 16:59:32"}
{"countnum":2,"checktime":"2017-05-23 16:59:32"}
1、无涉及字段类型转换 logstash filter 配置如下参数即可
if [type] == "onlinecount" {
json{
source => "message"
}
}
2、涉及字段类型转换
logstash filter
if [type] == "onlinecount" {
mutate{
split=>["message",","]
add_field => {
"coutnum" => "%{[message][0]}"
}
add_field => {
"checktime" => "%{[message][1]}"
}
remove_field => ["message"]
}
json{
source => "coutnum"
source => "checktime"
#convert => { "coutnum" => "integer" }
target => "coutnum"
target => "checktime"
}
}
本文出自 “BeingAWhole回忆积木小屋” 博客,谢绝转载!
logstash filter 处理json数据按原始数据字段数据存储
原文地址:http://tobeawhole.blog.51cto.com/2335463/1928723
