我的JSON
{
"foo1":{
"number":1,
"type":"In progrss",
"submit_time":"2020-10-04",
"id_type":"2153707",
"order_id":"1601849877",
"foo2":[
{
"t1":"xyz",
"t2":"qwe",
"t3":"yty"
}
],
"order_date":"19/09/2020",
"shipping_date":"2020-10-04",
"shipping_id":"89775555",
"tracking_id":"98876"
}
}
"number": 1,
"type": "in progrss",
"submit_time": "2020-10-04T16:17:33-0600",
"id_type": 2153707,
"order_id": 1601849877,
"order_date": 19/09/2020,
"shipping_date": "2020-10-04T16:17:57-0600",
"shipping_id": "89775555",
"tracking_id": "98876",
"order_id": 1601849877,
"foo2": [
"xyz",
"we",
"yty"
],
filter { json { source => "foo1" target => "jsoncontent" } },但是它没有给我任何东西。我在过滤器部分中缺少的任何东西,或者有其他任何方法可以使用。
最佳答案
如果在平整JSON之后,请在Elastic Discuss上检查this answer。
该讨论线程中的ruby脚本解决方案将给出以下输出。
{
"foo1.order_id" => "1601849877",
"foo1.foo2" => [
[0] {
"t1" => "xyz",
"t3" => "yty",
"t2" => "qwe"
}
],
"foo1.order_date" => "19/09/2020",
"foo1.id_type" => "2153707",
"host" => "37eda5039626",
"@timestamp" => 2020-10-06T08:30:22.463Z,
"type" => "json",
"foo1.submit_time" => "2020-10-04",
"foo1.type" => "In progrss",
"path" => "/usr/share/logstash/stack/data/file.json",
"foo1.number" => 1,
"foo1.shipping_date" => "2020-10-04",
"foo1.tracking_id" => "98876",
"@version" => "1",
"foo1.shipping_id" => "89775555"
}
关于json - 有什么办法可以将Logstash中的JSON数据展平,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64221149/