我怎样才能控制的水平decode_json_fields?
max_depth似乎对我的情况没有帮助。
目标:解析'/var/lib/docker/containers/ / .log'但控制最大json深度(不要在elasticsearch索引中生成数百个嵌套字段)
name: "host-01"
queue:
mem:
events: 16384
# batch of events to the outputs. "0" ensures events are immediately available to be sent to the outputs.
flush.min_events: 0
filebeat:
prospectors:
- type: log
paths:
- '/tmp/test.log'
json:
# key on which to apply the line filtering and multiline settings
message_key: log
keys_under_root: true
add_error_key: true
processors:
- decode_json_fields:
fields: ["log"]
process_array: false
max_depth: 1
overwrite_keys: false
output:
console:
pretty: true
例子
echo …