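The logstash-filter-mutate plugin is another important Logstash plugin. It provides rich processing for basic data types, including type conversion, string handling, and field handling.
1. Type conversion
Type conversion was the only feature of the logstash-filter-mutate plugin when it was first created.
The conversion types that can be set are "integer", "float" and "string". An example follows: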
input {
  stdin {
  }
}
filter {
  grok {
    # Capture a decimal number from the line into request_time (still a string)
    match => {
      "message" => "(?<request_time>\d+(?:\.\d+)?)"
    }
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
[elk@Vsftp logstash]$ logstash -f t2.conf
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
"message" => "23.45",
"@version" => "1",
"@timestamp" => "2017-01-11T02:07:33.581Z",
"host" => "Vsftp",
"request_time" => "23.45"
}
Converting the string to a float:
[elk@Vsftp logstash]$ cat t2.conf
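input {
  stdin {
  }
}
filter {
  grok {
    # Capture a decimal number from the line into request_time (still a string)
    match => {
      "message" => "(?<request_time>\d+(?:\.\d+)?)"
    }
  }
  mutate {
    # Convert the captured string to a float
    convert => ["request_time", "float"]
  }
}
output {
  stdout {
    codec => rubydebug
  }
}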
[elk@Vsftp logstash]$ logstash -f t2.conf
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
"message" => "23.45",
"@version" => "1",
"@timestamp" => "2017-01-11T02:10:07.045Z",
"host" => "Vsftp",
Converting the string to an integer:
[elk@Vsftp logstash]$ cat t2.conf
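input {
  stdin {
  }
}
filter {
  grok {
    # Capture a decimal number from the line into request_time (still a string)
    match => {
      "message" => "(?<request_time>\d+(?:\.\d+)?)"
    }
  }
  mutate {
    # Convert the captured string to an integer
    convert => ["request_time", "integer"]
  }
}
output {
  stdout {
    codec => rubydebug
  }
}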
[elk@Vsftp logstash]$ logstash -f t2.conf
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
"message" => "23.45",
"@version" => "1",
"@timestamp" => "2017-01-11T02:11:21.071Z",
"host" => "Vsftp",
"request_time" => 23
}
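The three runs above, modelled in plain Ruby as an added example (not code from the original post or from the plugin): it applies the same named capture and then the requested conversion. It assumes that, for plain decimal strings, mutate's convert behaves like Ruby's String#to_f and String#to_i, which matches the outputs shown above; process, REQUEST_TIME and SAMPLES are hypothetical names, and the input lines are constructed.

```ruby
# Added example: plain-Ruby model of the grok capture + mutate convert steps.
# Assumption: conversion of a plain decimal string behaves like
# String#to_f / String#to_i ("23.45" -> 23.45 / 23, as on this page).

# Same pattern as the grok filter in t2.conf (unanchored named capture).
REQUEST_TIME = /(?<request_time>\d+(?:\.\d+)?)/

# Returns the event hash the pipeline would emit for one stdin line.
# target_type: nil (no mutate block), "string", "float" or "integer".
def process(line, target_type = nil)
  event = { "message" => line }
  m = REQUEST_TIME.match(line)
  if m.nil?
    # grok's default on no match: tag the event and add no field,
    # so there is nothing for mutate to convert.
    event["tags"] = ["_grokparsefailure"]
    return event
  end

  raw = m[:request_time]
  event["request_time"] =
    case target_type
    when nil, "string" then raw        # stays a quoted string in rubydebug
    when "float"       then raw.to_f   # keeps the fractional part
    when "integer"     then raw.to_i   # truncates, does not round
    else raise ArgumentError, "unsupported type: #{target_type}"
    end
  event
end

# Constructed sample inputs (not taken from real logs).
SAMPLES = ["23.45", "0.999", "took 12 ms", "n/a"].freeze

if __FILE__ == $PROGRAM_NAME
  [nil, "float", "integer"].each do |type|
    SAMPLES.each do |line|
      puts "#{type.inspect.ljust(10)} #{process(line, type).inspect}"
    end
  end
end
```

With "integer", a sub-second value such as 0.999 becomes 0, so timing fields that feed thresholds or aggregations should be converted with "float".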