logstash mutate 类型转换

 logstash-filter-mutate 插件是Logstash 另一个重要插件,它提供了丰富的基础类型数据处理能力,包括类型转换,字符串处理和字段处理等

1.类型转换

类型转换是logstash-filter-mutate 插件最初诞生时的唯一功能,

可以设置的转换类型包括："integer"，"float" 和 "string"。示例如下：

input {
   stdin {
     }
 }

filter {
  grok {
   match =>{
   "message" =>"(?<request_time>d+(?:.d+)?)"
     }
}
}
output {
   stdout {
   codec =>rubydebug
   }
}

[elk@Vsftp logstash]$ logstash -f t2.conf 
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
         "message" => "23.45",
        "@version" => "1",
      "@timestamp" => "2017-01-11T02:07:33.581Z",
            "host" => "Vsftp",
    "request_time" => "23.45"
}


字符串 转换为float型



[elk@Vsftp logstash]$ cat t2.conf 
input {
   stdin {
     }
 }

filter {
  grok {
   match =>{
   "message" =>"(?<request_time>d+(?:.d+)?)"
     }
    }
     mutate {
        convert => ["request_time", "float"]
}
}
output {
   stdout {
   codec =>rubydebug
   }
}



[elk@Vsftp logstash]$ logstash -f t2.conf 
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
         "message" => "23.45",
        "@version" => "1",
      "@timestamp" => "2017-01-11T02:10:07.045Z",
            "host" => "Vsftp",
 





字符串转换成数值型:


[elk@Vsftp logstash]$ cat t2.conf 
input {
   stdin {
     }
 }

filter {
  grok {
   match =>{
   "message" =>"(?<request_time>d+(?:.d+)?)"
     }
    }
     mutate {
        convert => ["request_time", "integer"]
}
}
output {
   stdout {
   codec =>rubydebug
   }
}


[elk@Vsftp logstash]$ logstash -f t2.conf 
Settings: Default pipeline workers: 4
Pipeline main started
23.45
{
         "message" => "23.45",
        "@version" => "1",
      "@timestamp" => "2017-01-11T02:11:21.071Z",
            "host" => "Vsftp",
    "request_time" => 23
}

相关阅读:
提高PHP运行速度的几大方法
如何判断Javascript对象是否存在
CSS属性选择器中的通配符
jQuery对象与dom对象的转换
jquery的clone方法bug的修复
IntelliJ IDEA 开发工具项目maven管理
Socket连接与HTTP连接
C#枚举数值与名称的转换
JSSDK制作思路
iOS强制横竖屏转换

原文地址：https://www.cnblogs.com/hzcya1995/p/13349931.html