
Serilog HTTP Sink + Logstash: Splitting a Serilog message array into individual log events

Updated: 2023-02-17 12:47:01

After upgrading to Logstash 5.0, Val's solution stopped working due to a change in the Event API: updating event.to_hash was not reflected in the original event. For Logstash 5.0+, the event.get('field') and event.set('field', value) accessors must be used.

The updated solution is now:

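# Receive the batched JSON payload posted by the Serilog HTTP sink
input {
  http {
    port => 8080
    codec => json
  }
}

filter {
  # Emit one event per element of the "events" array
  split {
    field => "events"
  }
  # Copy each key of the nested "events" object to the top level of the event
  ruby {
    code => "
      event.get('events').each do |k, v|
        event.set(k, v)
      end
    "
  }
  # Drop the now-redundant wrapper field
  mutate {
    remove_field => [ "events" ]
  }
}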
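The following plain-Ruby model of the split, ruby and mutate steps is an added example, not code from the original answer or from Logstash. It goes one step beyond the configuration above by showing that promoted keys overwrite fields the pipeline already set, and one way to keep them apart. The sample payload, the `RESERVED` list, the `payload_` prefix and the assumption that the input sets a `host` field are all constructed for illustration.

```ruby
require 'json'

# Constructed sample of a batched POST body (shape assumed: {"events": [...]}).
SAMPLE_BODY = <<~JSON
  {"events": [
    {"Timestamp": "2023-02-17T12:47:01Z", "Level": "Information",
     "RenderedMessage": "User logged in", "Properties": {"UserId": 42}},
    {"Timestamp": "2023-02-17T12:47:02Z", "Level": "Warning",
     "RenderedMessage": "Retrying", "host": "spoofed.example"}
  ]}
JSON

# Fields the pipeline itself sets (hypothetical list for this sketch).
RESERVED = %w[host headers @timestamp @version].freeze

# Model of the split filter: one output event per element of `field`,
# each a copy of the parent with `field` replaced by that element.
def split_events(event, field = 'events')
  items = event[field]
  return [event] unless items.is_a?(Array)
  items.map { |item| event.merge(field => item) }
end

# Model of the ruby + mutate filters: copy each key of the nested hash to
# the top level, then drop the wrapper field. With protect: true, keys in
# RESERVED are stored as "payload_<key>" instead of overwriting.
def promote(event, field = 'events', protect: false)
  nested = event[field]
  return event unless nested.is_a?(Hash) # this sketch skips non-object entries
  out = event.reject { |k, _| k == field }
  nested.each do |k, v|
    key = protect && RESERVED.include?(k) ? "payload_#{k}" : k
    out[key] = v
  end
  out
end

def run_pipeline(body, protect: false)
  # 'host' stands in for a field assumed to be added by the input
  parent = JSON.parse(body).merge('host' => '10.0.0.5')
  split_events(parent).map { |e| promote(e, protect: protect) }
end

if __FILE__ == $PROGRAM_NAME
  run_pipeline(SAMPLE_BODY, protect: true).each { |e| puts e.to_json }
end
```

In the Logstash filter itself, the same guard would be a conditional around `event.set(k, v)` inside the `ruby` block.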