elasticsearch—有没有什么方法可以将日志中的json数据展平

rxztt3cl  于 2021-06-10  发布在  ElasticSearch
关注(0)|答案(1)|浏览(417)

我的json

{
 "foo1":{
  "number":1,
  "type":"In progrss",
  "submit_time":"2020-10-04",
  "id_type":"2153707",
  "order_id":"1601849877",
  "foo2":[
     {
        "t1":"xyz",
        "t2":"qwe",
        "t3":"yty"
     }
  ],
  "order_date":"19/09/2020",
  "shipping_date":"2020-10-04",
  "shipping_id":"89775555",
  "tracking_id":"98876"
 }
}

我想要这样:

"number": 1,
 "type": "in progrss",
 "submit_time": "2020-10-04T16:17:33-0600",
 "id_type": 2153707,
 "order_id": 1601849877,
 "order_date": 19/09/2020,
 "shipping_date": "2020-10-04T16:17:57-0600",
 "shipping_id": "89775555",
 "tracking_id": "98876",
 "order_id": 1601849877,
  "foo2": [
    "xyz",
    "we",
    "yty"
      ],

我试过了 filter { json { source => "foo1" target => "jsoncontent" } } 但它没有给我任何东西。任何我在过滤部分遗漏的东西,或者有什么不同的方法可以做。提前谢谢

busg9geu

busg9geu1#

如果您是在json的扁平化之后,请检查弹性讨论的这个答案。该讨论线程中的ruby脚本解决方案将给出以下输出。

{
         "foo1.order_id" => "1601849877",
             "foo1.foo2" => [
        [0] {
            "t1" => "xyz",
            "t3" => "yty",
            "t2" => "qwe"
        }
    ],
       "foo1.order_date" => "19/09/2020",
          "foo1.id_type" => "2153707",
                  "host" => "37eda5039626",
            "@timestamp" => 2020-10-06T08:30:22.463Z,
                  "type" => "json",
      "foo1.submit_time" => "2020-10-04",
             "foo1.type" => "In progrss",
                  "path" => "/usr/share/logstash/stack/data/file.json",
           "foo1.number" => 1,
    "foo1.shipping_date" => "2020-10-04",
      "foo1.tracking_id" => "98876",
              "@version" => "1",
      "foo1.shipping_id" => "89775555"
}

相关问题