Logstash合并具有根对象的字段 [英] Logstash Merge Field With Root Object

问题描述

我有类似这样的logstash输入

I have logstash input that looks like this

{
    "@timestamp": "2016-12-20T18:55:11.699Z",
    "id": 1234,
    "detail": {
        "foo": 1
        "bar": "two"
    }
}

我想将详细信息" 的内容与根对象合并，以使最终事件看起来像这样:

I would like to merge the content of "detail" with the root object so that the final event looks like this:

{
    "@timestamp": "2016-12-20T18:55:11.699Z",
    "id": 1234,
    "foo": 1
    "bar": "two"
}

是否有一种无需编写我自己的过滤器插件即可完成此操作的方法?

Is there a way to accomplish this without writing my own filter plugin?

推荐答案

您可以使用红宝石滤镜进行此操作.

You can do this with a ruby filter.

filter { ruby { code => " event['detail'].each {|k, v| event[k] = v } event.remove('detail') " } }

filter { ruby { code => " event['detail'].each {|k, v| event[k] = v } event.remove('detail') " } }

这篇关于Logstash合并具有根对象的字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！