Lostash event API详解
来源:互联网 发布:cf36 2检测到数据异常 编辑:程序博客网 时间:2024/06/05 21:56
我们使用Logstash的ruby filter时,不可避免地要对event进行处理。然而蛋疼的是,Elastic的官方文档https://www.elastic.co/guide/en/logstash/5.6/event-api.html只给出了get
和set
两个方法的描述。exm?
文档没有,只能看源码了。Event API的描述位于https://github.com/elastic/logstash/blob/master/logstash-core/src/main/java/org/logstash/ext/JrubyEventExtLibrary.java,除了基本的get
和set
外,还提供了丰富的接口。我们能用到的方法包括:
- 删除事件:
cancel
- 取消删除事件:
uncancel
- 是否删除:
cancelled?
- 是否包含字段:
include?
- 删除字段:
remove
- 事件转字符串:
to_s
- 事件转hash字典(不含metadata字段):
to_hash
- 事件转hash字典(含metadata字段):
to_hash_with_metadata
- 事件转json字符串:
to_json
- 增加tag:
tag
- 取事件时间戳:
timestamp
为直观展示各个方法的作用,我们写一个测试配置文件,对这些方法进行测试:
input { stdin { codec => json }}filter { ruby { code => ' event.cancel event.set("cancelled", event.cancelled?) event.uncancel event.set("include", event.include?("hello")) event.remove("hello") event.set("to_s", event.to_s) event.set("to_hash", event.to_hash) event.set("to_hash_with_metadata", event.to_hash_with_metadata) event.set("to_json", event.to_json) event.tag("_test_tag") event.set("timestamp", event.timestamp) ' }}output { stdout { codec => rubydebug }}
测试结果如下。可见,上述方法都能被正常调用。
[root@Miix ~]# logstash -f test.conf
Sending Logstash’s logs to /var/log/logstash which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
{“hello”:”world”}
{
“include” => true,
“@timestamp” => 2017-09-23T05:26:40.265Z,
“to_json” => “{\”include\”:true,\”@timestamp\”:\”2017-09-23T05:26:40.265Z\”,\”to_hash_with_metadata\”:{\”include\”:true,\”@timestamp\”:\”2017-09-23T05:26:40.265Z\”,\”@version\”:\”1\”,\”host\”:\”Miix.mvpboss1004.com\”,\”cancelled\”:true,\”to_s\”:\”2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}\”,\”to_hash\”:{\”include\”:true,\”@timestamp\”:\”2017-09-23T05:26:40.265Z\”,\”@version\”:\”1\”,\”host\”:\”Miix.mvpboss1004.com\”,\”cancelled\”:true,\”to_s\”:\”2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}\”}},\”@version\”:\”1\”,\”host\”:\”Miix.mvpboss1004.com\”,\”cancelled\”:true,\”to_s\”:\”2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}\”,\”to_hash\”:{\”include\”:true,\”@timestamp\”:\”2017-09-23T05:26:40.265Z\”,\”@version\”:\”1\”,\”host\”:\”Miix.mvpboss1004.com\”,\”cancelled\”:true,\”to_s\”:\”2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}\”}}”,
“to_hash_with_metadata” => {
“include” => true,
“@timestamp” => 2017-09-23T05:26:40.265Z,
“@version” => “1”,
“host” => “Miix.mvpboss1004.com”,
“cancelled” => true,
“to_s” => “2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}”,
“to_hash” => {
“include” => true,
“@timestamp” => 2017-09-23T05:26:40.265Z,
“@version” => “1”,
“host” => “Miix.mvpboss1004.com”,
“cancelled” => true,
“to_s” => “2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}”
}
},
“@version” => “1”,
“host” => “Miix.mvpboss1004.com”,
“cancelled” => true,
“to_s” => “2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}”,
“to_hash” => {
“include” => true,
“@timestamp” => 2017-09-23T05:26:40.265Z,
“@version” => “1”,
“host” => “Miix.mvpboss1004.com”,
“cancelled” => true,
“to_s” => “2017-09-23T05:26:40.265Z Miix.mvpboss1004.com %{message}”
},
“tags” => [
[0] “_test_tag”
],
“timestamp” => 2017-09-23T05:26:40.265Z
}
- Lostash event API详解
- lostash 正则
- jquery.special.event-api
- Event — Windows API
- jQuery常用Event-API
- VIX API Concepts : Event Models
- google calendar API 插入 event
- js的event详解
- JS window.event 详解
- js的event详解
- js的event详解
- javascript的event详解
- JS event用法详解
- window.event 对象详解
- event对象详解
- js的event详解
- javascript event详解
- javascript中event详解
- C语言中自动获取当前时间和日期
- Spring Security教程(13)---- 验证码功能的实现
- MySQL5.7.19免安装版的安装与卸载重装
- 递归实现全排列问题
- 责任链模式
- Lostash event API详解
- 利用XSS来将cookie传送指定文件中
- 计算机网络之面试常考
- Python+Unittest+自动化:使用Python进行单元测试
- MapReduce:超大机群上的简单数据处理
- 从鼓吹Linux转向科普无穷小微积分的道路
- 实现黑客帝国中的字符雨
- STL-foreach算法
- 第三周第一节