json - Logstash 拆分 JSON 数组
问题描述
我正在使用以下过滤器来拆分 JSON 数组,以便数组中的每个数据都有一条消息:
input {
stdin {}
}
filter {
split {
field => "results"
}
}
output {
stdout { codec => rubydebug }
}
我发送的输入是:
{"results" : [{"id": "a1", "name": "hello"}, {"id": "a2", "name": "logstash"}]}
然而,输出是一条带有以下错误的消息:
[main] Only String and Array types are splittable. field:results is of type = NilClass
/logstash-7.4.0/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"message" => "{\"results\" : [{\"id\": \"a1\", \"name\": \"hello\"}, {\"id\": \"a2\", \"name\": \"logstash\"}]}",
"@version" => "1",
"@timestamp" => 2019-10-18T14:07:57.285Z,
"host" => "C02Z40E8LVDR",
"tags" => [
[0] "_split_type_failure"
]
}
有什么提示吗?非常感谢。基督教
解决方案
如 Logstash 网站中所述:https ://www.elastic.co/guide/en/logstash/current/plugins-filters-json.html
您应该使用 JSON 过滤器插件,通过应用
filter {
json {
source => "message"
}
}
而不是split过滤器。