我正在将s3 bucket中的一个文件注入logstash,我的文件名包含一些信息,我想将文件名拆分为多个字段,这样我就可以将它们用作单独的字段。请帮帮我,我是麋鹿新手。
input {
s3 {
bucket => "***********"
access_key_id => "***********"
secret_access_key => "*******"
"region" => "*********"
"prefix" => "Logs"
"interval" => "1"
"additional_settings" => {
"force_path_style" => true
"follow_redirects" => false
}
}
}
filter {
mutate {
add_field => {
"file" => "%{[@metadata][s3][key]}" //This file name have to split
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "indexforlogstash"
}
}
在filter部分中,您可以利用dissect过滤器来实现您想要的:
filter {
...
dissect {
mapping => {
"file" => "Logs/%{deviceId}-%{buildId}-log.txt"
}
}
}
经过这个过滤器后,您的文档将获得两个新字段,即:
deviceId(1232131(buildId(自定义建筑12(