logstash mutate 类型转换

 logstash-filter-mutate 插件是Logstash 另一个重要插件,它提供了丰富的基础类型数据处理能力,包括类型转换,字符串处理和字段处理等

1.类型转换

类型转换是logstash-filter-mutate 插件最初诞生时的唯一功能,

可以设置的转换类型包括："integer"，"float" 和 "string"。示例如下：

input {
   stdin {
     }
 }

filter {
  grok {
   match =>{
   "message" =>"(?<request_time>d+(?:.d+)?)"
     }
}
}
output {
   stdout {
   codec =>rubydebug
   }
}

[elk@Vsftp logstash]$ logstash -f t2.conf 
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
         "message" => "23.45",
        "@version" => "1",
      "@timestamp" => "2017-01-11T02:07:33.581Z",
            "host" => "Vsftp",
    "request_time" => "23.45"
}


字符串 转换为float型



[elk@Vsftp logstash]$ cat t2.conf 
input {
   stdin {
     }
 }

filter {
  grok {
   match =>{
   "message" =>"(?<request_time>d+(?:.d+)?)"
     }
    }
     mutate {
        convert => ["request_time", "float"]
}
}
output {
   stdout {
   codec =>rubydebug
   }
}



[elk@Vsftp logstash]$ logstash -f t2.conf 
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
         "message" => "23.45",
        "@version" => "1",
      "@timestamp" => "2017-01-11T02:10:07.045Z",
            "host" => "Vsftp",
 





字符串转换成数值型:


[elk@Vsftp logstash]$ cat t2.conf 
input {
   stdin {
     }
 }

filter {
  grok {
   match =>{
   "message" =>"(?<request_time>d+(?:.d+)?)"
     }
    }
     mutate {
        convert => ["request_time", "integer"]
}
}
output {
   stdout {
   codec =>rubydebug
   }
}


[elk@Vsftp logstash]$ logstash -f t2.conf 
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
         "message" => "23.45",
        "@version" => "1",
      "@timestamp" => "2017-01-11T02:11:21.071Z",
            "host" => "Vsftp",
    "request_time" => 23
}