sogg
Reputation: 85
logstash fitler how to get the designated fields form log data
the log is like this:
{
"playerId": 2,
"args": {
"uid": 2024657127,
"__route__": "userCenter.playerHandler.getOnLineUids"
},
"time": "03122053",
"timeUsed": 8,
"resp": {
"code": 200,
"uidState": {
"imId": 2024657127,
"uid": 0,
"state": 0
}
}
}
I just need the "__route__" and "timeUsed",
filter {
if "__route__" in [message] {
json {
source => "message"
remove_field => ["args.uid", "playerId", "time", "resp"]
}
}}
the result in kibana like this: image of the result
we can see the field "arg.uid" is also there,how to delete the field like it? Or any other better way to get "__route__" and "timeUsed"?
Upvotes: 1
Views: 23
Answers (1)
mohdasha
Reputation: 311
Just replace args.uid with [args][uid] , it should work after that. Because in logstash every subfield is accessed by using [parent][child] notation
Upvotes: 1
Related Questions
- how can i get specific log in logstash?
- How to cumul filters with logstash?
- Referencing field from input in a Logstash filter
- How should I modify logstash.conf to get the field I want?
- Evaluate field as expression in Logstash filter
- Parsing out text from a string using a logstash filter
- logstash name fields dynamically
- Logstash : how to output a selection of fields
- Getting Started With Logstash Filters
- Extracting fields in Logstash