elasticsearch索引中的json数据如下:
{
"_index": "tower",
"_type": "_doc",
"_id": "sadssasadsadsa",
"_version": 1,
"_score": null,
"_source": {
"task": "",
"event_data": {
"playbook_uuid": "sasdsad21w",
"processed": {
"11.22.33.46": 1,
"11.22.33.44": 1,
"11.22.33.45": 1
},
"failures": {
"11.22.33.46": 1
},
"changed": {
"11.22.33.44": 1
},
"playbook": "test.yml",
"ignored": {},
"ok": {
"11.22.33.46": 1,
"11.22.33.44": 4,
"11.22.33.45": 1
},
"dark": {
"11.22.33.45": 1
}
},
"level": "INFO",
"event_display": "Playbook Complete",
"stdout": "\r\nPLAY RECAP*********************************************************************\r\n\u001b[0;33m11.22.33.44\u001b[0m : \u001b[0;32mok=4 \u001b[0m \u001b[0;33mchanged=1 \u001b[0m unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 \r\n\u001b[0;31m11.22.33.45\u001b[0m : \u001b[0;32mok=1 \u001b[0m changed=0 \u001b[1;31munreachable=1 \u001b[0m failed=0 skipped=0 rescued=0 ignored=0 \r\n\u001b[0;31m11.22.33.46\u001b[0m : \u001b[0;32mok=1 \u001b[0m changed=0 unreachable=0 \u001b[0;31mfailed=1 \u001b[0m skipped=0 rescued=0 ignored=0 \r\n",
"@version": "1",
"tags": [
"tower"
]
},
"fields": {
"@timestamp": [
"2020-12-24T06:14:20.202Z"
]
}
}现在我想创建一个无痛脚本,它将计算
"processed": {
"11.22.33.46": 1,
"11.22.33.44": 1,
"11.22.33.45": 1
},
"failures": {
"11.22.33.46": 1
},
"dark": {
"11.22.33.45": 1
}例如,这里的计数看起来像
processed: 3
failures: 1
dark: 1所有这些值都将存储在新字段中。
我试过用 return params['_source']['event_data']['processed'].size(); 只是为了得到处理过的尺寸,但它不起作用。
任何帮助都将不胜感激。
1条答案
按热度按时间wa7juj8i1#
你可以用
script_fields像这样:顺从的