1
我正在处理一些指标数据并将它们存储到Elasticsearch中。现在我想从Elasticsearch获取这些数据并对它们应用过滤器,目标是在logstash过滤之后有更多相关字段。为此,我计划使用grok过滤器。但我不是Grok专家,我从来没有分析过这种数据。Logstash grok筛选器收集度量数据
这是Elasticsearch未来的样本数据:
{
"_index" : "metrics",
"_type" : "metrics",
"_id" : "AVh4R8n3cN8PY7B3sFIM",
"_score" : 1.0,
"_source" : {
"event_time" : "2016-11-18T16:31:59.769Z",
"message" : "[{\"values\":[0.04,0.18,0.17],\"dstypes\":[\"gauge\",\"gauge\",\"gauge\"],\"dsnames\":[\"shortterm\",\"midterm\",\"longterm\"],\"time\":1479486719.645,\"interval\":10.000,\"host\":\"test-host\",\"plugin\":\"load\",\"plugin_instance\":\"\",\"type\":\"load\",\"type_instance\":\"\"}]",
"version" : "1",
"tags" : [ ]
}
}
logstash过滤后,我希望有这样的:
{
"_index" : "metrics",
"_type" : "metrics",
"_id" : "AVh4R8n3cN8PY7B3sFIM",
"_score" : 1.0,
"_source" : {
"event_time" : "2016-11-18T16:31:59.769Z",
"values" : [0.04,0.18,0.17],
"dstypes" : ["gauge","gauge","gauge"],
"dsnames": ["shortterm","midterm","longterm"],
"time" : 1479486719.645,
"interval" : 10.000,
"host" : "test-host",
"plugin" : "load",
"plugin_instance" : "",
"type" : "load",
"type_instance" : ""
}
}
有人可以帮助我通过给予建议或样品神交过滤器来实现这一?
预先感谢您!