我一直试图通过Logstash将mySQL数据库导入Elasticsearch,但是我被困了(现在已经两天了)将三列分成单独的字段。
我想将它们分为不同的字段,以便显示为:
"dr_behaviour_Patient Healer": "5",
"dr_behaviour_Couldn’t Care Less": "5"
filter {
mutate {
split => {
"dr_behaviour_rate" => ","
}
}
kv {
source => "dr_behaviour_rate"
prefix => "dr_behaviour"
field_split_pattern => "/[/]"
include_brackets => true
}
}
答案 0 :(得分:0)
这是可行的:
kv {
source => "dr_behaviour"
prefix => "behaviour_"
field_split => ","
include_brackets => false
value_split => "\[\]"
trim_key => "\s\[\]"
trim_value => "\s\[\]"
}