Мне нужно создать новое поле, например имя, из существующего поля сообщения json, которое будет обнаружено в таблице kibana.
Ввод выглядит следующим образом:
{"results":[{"gender":"female","name":{"title":"Ms","first":"Eden","last":"Morel"},"location":{"street":{"number":1412,"name":"Rue Abel-Hovelacque"},
"city":"Angers","state":"Pyrénées-Atlantiques","country":"France","postcode":21446,"coordinates":{"latitude":"-3.8242","longitude":"87.5006"},"timezone":{"offset":"-12:00",
"description":"Eniwetok, Kwajalein"}},
"email":"eden.morel@example.com","login":{"uuid":"4be0250c-2848-4db5-a6a2-c0cf9e6730c3","username":"bluerabbit132",
"password":"nipper","salt":"FsH1RuQB","md5":"d25604b4f525093a171bf9f9c0f16268","sha1":"76c392c6a13bb191ec219a8a9907e7cb914fcf92",
"sha256":"8d9f2fbe1e9174d8a42d2cacde36dab5feda235b377f43ec5f3f9022de67ab1f"},"dob":{"date":"1988-04-29T06:59:05.741Z","age":32},
"registered":{"date":"2019-09-15T22:27:53.874Z","age":1},"phone":"05-44-20-72-74","cell":"06-83-85-66-62","id":{"name":"INSEE","value":"2NNaN47984362
17"},
"picture":{"large":"https://randomuser.me/api/portraits/women/57.jpg","medium":"https://randomuser.me/api/portraits/med/women/57.jpg","thumbnail":"https://randomuser.me/api/portraits/thumb/women/57.jpg"},"nat":"FR"}],"info":{"seed":"61e2198c825b6740","results":1,"page":1,"version":"1.3"}}
My Json conf файл выглядит следующим образом:
input
{
http_poller {
urls => {
urlname => "https://randomuser.me/api"
}
request_timeout => 60
schedule => { every => "20s"}
codec => "json"
}
}
filter
{
json { source => "message" }
mutate
{
add_field => { "applicationID" => "12" }
add_field => { "newfield" => "[message][results][0]"}
}
}
output
{
elasticsearch
{
hosts => "http://localhost:9200"
index => "logstash_http_poller_61"
document_type => "npoller"
}
stdout
{
codec => dots
}
}
Но хотя я могу добавить applicationID в новых столбцах, но newfield не добавляется. Я новичок в ELK Пожалуйста, помогите.
Спасибо, Рой