如何处理Logstash / ElasticSearch

时间:2017-07-28 11:31:08

标签: elasticsearch logstash

当我尝试使用Logstash在ElasticSearch中导入以下XML文件时出现问题:

<test>
<param name="param1" raw="0x01">
<param name="param2" raw="0x02" eng="2">
<param name="param3" raw="0x03" eng="3">
</test>

我的Logstash配置文件如下(摘录):

xml {
    store_xml => false
    source => "message"
    xpath => [
        "/test/param/@name", "name",
        "/test/param/@raw", "raw",
        "/test/param/@eng", "eng"
    ]
}

运行Logstash后,ElasticSearch数据库包含:

"name": [
      "param1",
      "param2",
      "param3",
    ],
"raw": [
      "0x01",
      "0x02",
      "0x02",
    ],
"eng": [
      2,
      3,
    ],

我想要这个:

...
"eng": [
      null,
      2,
      3,
    ],

如何在非现有字段中强制使用null(或None或NaN)值?

提前致谢!

1 个答案:

答案 0 :(得分:0)

如果字段不存在,您可以尝试添加该字段,请尝试以下操作(将其放在xml过滤器之后):

page.phtml

Mutate filter plugin

相关问题
最新问题