本文介绍如何动态构建新字段,将现有日志包装成一个整体,添加到新构建的字段中。
示例:您可以使用如下加工语法复制字段content为k1_content_copy、字段name为k2_name_copy、字段School为k3_school_copy,并将加工后的日志包装成一个整体。然后再构建一个新字段__extract_others__,将日志添加到该字段中,并丢弃字段k1_content_copy和k3_school_copy。
数据加工(旧版)
加工规则
e_set("k1_content_copy", v("content"), "k2_name_copy", v("name"), "k3_school_copy", v("School"))
e_set("__extract_others__", dct_delete(KEEP,"k1_content_copy","k3_school_copy"))原始日志
School: CMU
__source__: 192.168.1.1
__tag__:__client_ip__: 192.168.1.2
_tag__:__receive_time__:1591755799
__topic__:
content:test concent
name: Twish输出日志
School:CMU
__extract_others__:{"__time__": "1591755799", "__topic__": "", "__source__": "192.168.1.1", "__tag__:__client_ip__": "192.168.1.2", "__tag__:__receive_time__": "1591755799", "content": "test content", "name": "Twish", "School": "CMU", "k2_name_copy": "Twish"}
__source__:192.168.1.1
__tag__:__client_ip__:192.168.1.2
__tag__:__receive_time__:1591755799
__topic__:
content:test content
k2_name_copy:Twish
name:Twish文档内容是否对您有帮助?