logstash 如何处理 mongodb 导出来的 _id value数据。 how to custom fields of logstash by mongo mapreduce exported data.(example format: {_id:"xxx"} , value:{})

时间:2023-03-08 17:13:51
input {

      file {

          path => "c:\aa.json"

          start_position => "beginning"

          #sincedb_path => "NUL"

          codec => json {

            charset => "UTF-8"

        }

      }

}

filter {

   json{

   source => "message"

   }

    #custom fields

    ruby {

       code => "event.set('users',event.get('value')['usertag'])

                event.set('logcreatetime',event.get('value')['createtime'])

                event.set('usertype',event.get('value')['usertype'])

                event.set('userid',event.get('value')['userid'])

       "

    }

    mutate

    {

        remove_field => [ "message","path","@version","@timestamp","host","_id","value"] #删除字段 delete fields

    }

}

output {

    elasticsearch {

        action => "index"

        hosts => ["http://localhost:9200"]

        index => "urnesteddb"

        document_type => "usertable"

        workers => 1

    }

     #stdout {

         #codec => rubydebug

         #codec => json_lines

     #}

}