1. 技术文章
  2. Logstash - specify more than one pipeline

Logstash - specify more than one pipeline

独自空忆成欢 提交于 2020-05-17 06:35:46

问题


I want different fields to be processed in different way.

I have two pipelines. One is to process boolean values, another one is to convert a string to array.

 output {
    stdout {
        codec => rubydebug
    }
    elasticsearch {
        action => "index"
        hosts => ["127.0.0.1:9200"]
        index => "mini_system"
        document_id => "%{mini_system_key}"
        if [source] == "secure_flag" {
            pipeline => "bool-pipeline"
        } else if "partners" == %{FIELD} {
            pipeline => "partners-pipeline"
        }
    }
}

I am trying to do this. But I am not able to achieve this and couldn't find a reference also.

Sample documents:

key,partners,secure_flag,date_added
5369922730525,"1002300,1009747,12359,2285459",FALSE,2020-03-31T14:00:00Z    
2218100624,,FALSE,2020-03-31T14:00:00Z

here,

"1002300,1009747,12359,2285459" is partners. FALSE is secure_flag.

Partners pipeline:

{
  "description": "Converts \"a,b,c\" to [\"a\", \"b\",\"c\"]",
  "processors" : [
    {
      "split" : {
        "field" : "partners",
        "separator": ",",
        "ignore_missing": true
      }
    }
  ]
}

回答1:


You cannot apply logic inside plugin configurations, but you can definitely have several output using if/else logic:

output {
    stdout {
        codec => rubydebug
    }
    if [source] == "secure_flag" {
        elasticsearch {
            action => "index"
            hosts => ["127.0.0.1:9200"]
            index => "mini_system"
            document_id => "%{mini_system_key}"
            pipeline => "bool-pipeline"
        }
    } else if [field_xyz] == "partners" {
        elasticsearch {
            action => "index"
            hosts => ["127.0.0.1:9200"]
            index => "mini_system"
            document_id => "%{mini_system_key}"
            pipeline => "partners-pipeline"
        }
    }
}

UPDATE:

You don't actually need any logic, but simply add both of your processors in the same pipeline:

PUT _ingest/pipeline/mini-pipeline
{
  "processors" : [
    {
      "convert" : {
        "field" : "secure_flag",
        "type": "boolean",
        "ignore_missing": true
      }
    },
    {
      "split" : {
        "field" : "partners",
        "separator": ",",
        "ignore_missing": true
      }
    }
  ]
}

And then simply use this configuration

output {
    stdout {
        codec => rubydebug
    }
    elasticsearch {
        action => "index"
        hosts => ["127.0.0.1:9200"]
        index => "mini_system"
        document_id => "%{mini_system_key}"
        pipeline => "mini-pipeline"
    }
}


来源:https://stackoverflow.com/questions/61725620/logstash-specify-more-than-one-pipeline

标签
ElasticSearch
logstash
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!