如何在 logstash 中拆分文件名?
How to split file name in logstash?
我正在从 s3 存储桶中注入一个文件到 logstash,我的文件名包含一些信息,我想将文件名拆分为多个字段,以便将它们用作单独的字段。请帮助我,我是麋鹿的新手。
input {
s3 {
bucket => "***********"
access_key_id => "***********"
secret_access_key => "*******"
"region" => "*********"
"prefix" => "Logs"
"interval" => "1"
"additional_settings" => {
"force_path_style" => true
"follow_redirects" => false
}
}
}
filter {
mutate {
add_field => {
"file" => "%{[@metadata][s3][key]}" //This file name have to split
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "indexforlogstash"
}
}
在 filter 部分,您可以利用 dissect filter 来实现您想要的:
filter {
...
dissect {
mapping => {
"file" => "Logs/%{deviceId}-%{buildId}-log.txt"
}
}
}
通过此过滤器后,您的文档将获得两个新字段,即:
deviceId (1232131)buildId (custombuildv12)
我正在从 s3 存储桶中注入一个文件到 logstash,我的文件名包含一些信息,我想将文件名拆分为多个字段,以便将它们用作单独的字段。请帮助我,我是麋鹿的新手。
input {
s3 {
bucket => "***********"
access_key_id => "***********"
secret_access_key => "*******"
"region" => "*********"
"prefix" => "Logs"
"interval" => "1"
"additional_settings" => {
"force_path_style" => true
"follow_redirects" => false
}
}
}
filter {
mutate {
add_field => {
"file" => "%{[@metadata][s3][key]}" //This file name have to split
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "indexforlogstash"
}
}
在 filter 部分,您可以利用 dissect filter 来实现您想要的:
filter {
...
dissect {
mapping => {
"file" => "Logs/%{deviceId}-%{buildId}-log.txt"
}
}
}
通过此过滤器后,您的文档将获得两个新字段,即:
deviceId(1232131)buildId(custombuildv12)