hi all,
i want to parse my massage , it look like this below
so the columnName value will be the field name
and ColumnValue will be the value of the new field.
my code looks like
input {
jdbc {
jdbc_driver_library => "/etc/logstash/drivers/sqljdbc_6.0/enu/jre8/sqljdbc42.jar"
jdbc_driver_class => "com.microsoft.sqlserver.jdbc.SQLServerDriver"
jdbc_connection_string => "jdbc:sqlserver://XXX:1433;databasename=ELK"
jdbc_user => "ELuser"
jdbc_password => "PPPPPAa"
statement => " SELECT * FROM [dbo].[_tmp_elk] WHERE json_full_text IS NOT NULL "
tags => ["pct"]
clean_run => false
}
}
filter {
if "pct" in [tags]
{
json {
source => "json_full_text"
add_field => {"[Columns][ColumnName]","%{[Columns][ColumnValue]}"}
}
date {
match => [ "RequestOpenDate", "dd-MM-yyyy HH:mm" ]
target => "RequestOpenDate"
}
date {
match => [ "RequestCloseDate", "dd-MM-yyyy HH:mm" ]
target => "RequestCloseDate"
}
date {
match => [ "Actions_InsertedDate", "dd-MM-yyyy HH:mm" ]
target => "Actions_InsertedDate"
}
mutate { remove_field => [ "json_full_text" ] }
}
}
output {
if "pct" in [tags] {
elasticsearch {
user => elastic
password => nnuuuyt
hosts => ["tlgdelkedb02.harel-office.com:9200"]
index => "pct2-%{+YYYY.MM.dd}"
}
}
}
see the document below :
"_index": "pro-2017.08.17",
"_type": "logs",
"_id": "AV60penuPiY1C8rIJQL9",
"_score": 1,
"_source": {
"ownerdepartment": "client",
"ownermobile": null,
"type": "logs",
"actions_inserteddate": "2010-10-27T15:06:00.000Z",
"itemid": 93091,
"actions_status": "yes",
"requesttype": "profile",
"@version": "1",
"requestessence": null,
"requestclosedate": "2010-10-27T15:06:00.000Z",
"requestcurrenthandler": "xxx",
"owner": "מתי קלמן",
"actions_station": "sss",
"Columns": [
{
"ColumnID": 2520,
"ColumnName": "geter",
"ColumnValue": "מmati glman",
"ColumnValueID": null
},
{
"ColumnID": 42083,
"ColumnName": "deparment",
"ColumnValue": "senior",
"ColumnValueID": null
},
{
"ColumnID": 2512,
"ColumnName": "phone",
"ColumnValue": "067547340",
"ColumnValueID": null
}
],
"requestparentitemid": 92853,
"requestopendate": "2010-10-20T11:03:00.000Z",
"actions_notes": null,
"tags": [
"pct"
],
"ownerposition": "xxx",
"requestsubject": "yyyyy",
"actions_id": 128528,
"@timestamp": "2017-08-17T10:55:16.875Z",
"ownerphone": 37547340,
"requeststatus": "close",
"actions_insertedby": "yaniv hav"
}
}