我想在此之前将 cvs.file 从 logstash 上传到 elasticsearch 通过 DISSECT FILTER 将具有不同数量字符串的单个单元格拆分为单独的单元格(字段) 从字符串本身分配字段的名称。如果我手动写入字段的名称及其编号(如下例所示),它可以工作,但在真实数据库中,类别列中的每一行都有不同数量的字符串。我需要在“消息”中编写一个通用条目,它将字符串分隔成单独的字段,而不管它们的数量。字段名称必须与单元格中字符串的值相匹配。
这里是工作代码: 资料
ID,Name,Category
1,Sofa,"Furniture,Soft furnishings,Altcategory1"
2,Desk Chair,"Furniture,Hard furnishings,Altcategory2"
input{
file {
path => "E:/test.csv"
start_position => "beginning"
sincedb_path => "NULL"
}
}
filter {
dissect {
mapping => {
"message" => '%{product_id},%{name},"%{category},%{sub_category},%{alt_category}"'
}
}
}
output{
elasticsearch {
hosts => "http://localhost:9200"
index => "test_products5"
user => "elastic"
password => "**"
}
stdout{}
}
ELK表演什么:
"_source": {
"product_id": 1,
"name": "Desk Chair",
"category": "Furniture",
"sub_category": "Hard furnishings",
"alt_category": "Altcategory2",
}
"_source": {
"product_id": 2,
"name": "Sofa",
"category": "Furniture",
"sub_category": "Soft furnishings",
"alt_category": "Altcategory1",
}
Which is correct but real data is a bit complicated that this example.
无法按我想要的方式上传的真实数据示例:
ID,Name,Category
1,Sofa,"Furniture,Soft furnishings, categoryE7E7163,Hendi,"
2,Desk Chair,"Furniture,Hard furnishings" - (Category column contains less strings than the row above
What I need to be stored in ELK
“_来源”:{ “编号”:1, "名称": "桌椅", “类别”:“家具”, 《硬装》:《硬装》 }
“_来源”:{ “编号”:2, "名称": "沙发", “类别”:“家具”, "软装": "软装", "categoryE7E7163": "categoryE7E7163", "巴切尔": "巴切尔", }
我找到了''。点键解决方案''这可能对我有帮助但不知道如何实施。我猜应该是这样的:
filter {
dissect {
mapping => {
"message" => '%{product_id},%{name},"%{.},%{.},%{.}%{.},%{.},%{.}"'
}
}
但它也不起作用我不知道如何处理不同数量的类别字符串 }