1,需求说明
===原始数据格式: 1条 (2*2)==》4个指标数据
[{"app":"aa","url":"www.1.com","metrics":[{"name":"cpu","value":11},{"name":"mem","value":1}]},
{"app":"bb","url":"www.2.com","metrics":[{"name":"cpu","value":12},{"name":"mem","value":2}]}]
====> 希望得到的数据格式 =》 4个指标数据单独为一行
1{
"name" => "cpu",
"app" => "aa",
"@timestamp" => 2024-11-22T05:57:29.671882657Z,
"url" => "www.1.com",
"value" => 11
}
2{
"name" => "mem",
"app" => "aa",
"@timestamp" => 2024-11-22T05:57:29.671882657Z,
"url" => "www.1.com",
"value" => 1
}
3{
"name" => "cpu",
"app" => "bb",
"@timestamp" => 2024-11-22T05:57:29.672029155Z,
"url" => "www.2.com",
"value" => 12
}
4{
"name" => "mem",
"app" => "bb",
"@timestamp" => 2024-11-22T05:57:29.672029155Z,
"url" => "www.2.com",
"value" => 2
}
2,logstash 任务配置
[root@t1 test]
[{"app":"aa","url":"www.1.com","metrics":[{"name":"cpu","value":11},{"name":"mem","value":1}]},{"app":"bb","url":"www.2.com","metrics":[{"name":"cpu","value":12},{"name":"mem","value":2}]}]
[root@t1 test]
input {
file {
path => "/root/test/a.json"
start_position => "beginning"
codec => "json"
sincedb_path => "/dev/null"
}
}
filter {
if [message] {
json {
source => "message"
target => "data_array"
}
split {
field => "data_array"
remove_field => "message"
}
}
split {
field => "metrics"
}
mutate {
add_field => {"field1" => "%{metrics}"}
}
json {
source => "field1"
}
mutate {
remove_field => ["field1","metrics","log","host","@version"]
}
}
output {
stdout { codec => rubydebug }
}
[root@t1 test]