
logstash 如何批量提取index中的某个字段内容?

Logstash | 作者 wajika | 发布于2020年12月12日 | 阅读数:1618


{
"_index" : "apm-7.8.1-transaction-000001",
"_type" : "_doc",
"_id" : "ZLgt3HMBgfVxNHvjiu4d",
"_score" : 1.0,
"_source" : {
"parent" : {
"id" : "b1df484b2c116f92"
},
"service" : {
"node" : {
"name" : "XXX"
},
"environment" : "Production",
"framework" : {
"name" : "ASP.NET Core",
"version" : "2.2.0.0"
},
"name" : "Web_Host",
"runtime" : {
"name" : ".NET Core",
"version" : "2.1.5"
},
"language" : {
"name" : "C#"
},
"version" : "1.0.0"
},
"host" : {
"hostname" : "lA",
"ip" : "1.1.1.1",
"name" : "PortalA"
},
"client" : {
"ip" : "1.1.1.1"
},
"http" : {
"request" : {
"headers" : {
"X-Original-Proto" : [
"http"
],
"Origin" : [
"http://xxx.xxx.co"
],
"Accept" : [
"application/json, text/plain, */*"
],
"Remoteip" : [
"1.1.1.1"
],
"Ms-Aspnetcore-Token" : [
"[REDACTED]"
],
"Connection" : [
"Keep-Alive"
],
"Referer" : [
"http://xxx.cn/qaz.html"
],
"User-Agent" : [
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
],
"Host" : [
"ims.lonsid.co"
],
"Accept-Encoding" : [
"gzip, deflate"
],
"X-Original-For" : [
"127.0.0.1:64289"
],
"body" : {
"original" : """{"ids":["76fd88fe-1c9a-49e4-a61d-08d83da9bce5"]}"""
}
},
"response" : {
"headers" : {
"Transfer-Encoding" : [
"chunked"
],
"X-Frame-Options" : [
"SAMEORIGIN"
],
"Server" : [
"Kestrel"
],
"Access-Control-Allow-Origin" : [
"http://xxx.xxx.co"
],
"Access-Control-Allow-Credentials" : [
"true"
],
"X-Content-Type-Options" : [
"nosniff"
],
"X-Xss-Protection" : [
"1; mode=block"
],
"Vary" : [
"Origin"
],
"Date" : [
"Tue, 11 Aug 2020 06:20:27 GMT"
],
"Content-Type" : [
"application/json; charset=utf-8"
]
},
"status_code" : 200,
"finished" : true
},
"version" : "1.1"
},
"user" : {
"id" : "24f180e9-7908-4816-7aa8-08d760cbc0a3"
},
"transaction" : {
"duration" : {
"us" : 13340
},
"result" : "HTTP 2xx",
"name" : "POST xxxx",
"span_count" : {
"dropped" : 0,
"started" : 1
},
"id" : "95c3ff8551b09e9c",
"type" : "request",
"sampled" : true
},
"user_agent" : {
"original" : "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
},
"timestamp" : {
"us" : 1597126827602612
}
}
}
 
 
 


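我想批量提取该 index 中所有文档的 "service.name" 字段内容,Logstash 的 filter 应该怎么写呢?
在上面的示例文档中,service.name 指的是 "_source" 下 "service" 对象里的 "name" : "Web_Host"(不是 "service.node.name"、"service.framework.name" 等其他 name 字段)。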