本文链接:https://blog.csdn.net/u011311291/article/details/86743642
现有json:

{
	"name":"zhangsan",
	"friends":
	{
		"friend1":"lisi",
		"friend2":"wangwu",
		"msg":["haha","yaya"]
	}
}
1
2
3
4
5
6
7
8
9
将其解析为:

{
	"name":"zhangsan",
	"friend1":"lisi",
	"friend2":"wangwu",
	"msg":["haha","yaya"]
}
1
2
3
4
5
6
logstash.conf

input 
{
	stdin
	{
		codec => json
	}
}

filter
{
	mutate
	{
      add_field => { "@friends" => "%{friends}" } #先新建一个新的字段,并将friends赋值给它
    }
	json
	{
		source => "@friends"	#再进行解析
		remove_field => [ "@alert","alert" ]	#删除不必要的字段,也可以不用这语句
	}
}

output
{
	stdout { }
}
————————————————
版权声明:本文为CSDN博主「姚贤贤」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/u011311291/article/details/86743642

 

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注