我在logstash输出中有以下数据:
"细节"=>quot;SAID,:EGT1_M2P7_01,:LIP,:10-168-98-203::RIP,:10-81-122-84:";,
我想根据分隔符制作动态键值对
",:"意思是";SAID";是关键;EGT1_M2P7_01";是值":"意味着它是一条新线,并且再次"意思是";LIP";是关键;10-168-98-203";是值。
需要知道如何做。期待答案
对于您给的输入
"SAID,:EGT1_M2P7_01,::LIP,:10-168-98-203::RIP,:10-81-122-84:"
这个filter plugin和stdout
filter {
kv {
source => "Details"
field_split => "::"
value_split => ":"
}
mutate {
remove_field => ["host", "@timestamp","@version", "message", "sequence" ]
}
}
output {
stdout {
codec => rubydebug
}
}
给你
{
"LIP," => "10-168-98-203",
"SAID," => "EGT1_M2P7_01,",
"RIP," => "10-81-122-84"
}
通过在上面的remove_field列表中添加,删除特定于主机系统的其他字段。