Начало Каталог Помощ
Вход
lqb
/
elasticsearch
огледало от https://gitee.com/mirrors/elasticsearch.git
1
0
Разклонения 0
Файлове Задачи 0 Уики
ИН на ревизия: 4eb09cb31e
Клонове Маркери
elasticsearch
/
docs
/
reference
/
ingest
/
processors
/
kv.asciidoc

kv.asciidoc 2.1 KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. [[kv-processor]]
    2. 

  2. === KV processor
    3. 

  3. ++++
    4. 

  4. <titleabbrev>KV</titleabbrev>
    5. 

  5. ++++
    6. 

  6. 

  7. This processor helps automatically parse messages (or specific event fields) which are of the `foo=bar` variety.
    8. 

  8. 

  9. For example, if you have a log message which contains `ip=1.2.3.4 error=REFUSED`, you can parse those fields automatically by configuring:
    10. 

  10. 

  11. [source,js]
    12. 

  12. --------------------------------------------------
    13. 

  13. {
    14. 

  14.   "kv": {
    15. 

  15.     "field": "message",
    16. 

  16.     "field_split": " ",
    17. 

  17.     "value_split": "="
    18. 

  18.   }
    19. 

  19. }
    20. 

  20. --------------------------------------------------
    21. 

  21. // NOTCONSOLE
    22. 

  22. 

  23. TIP: Using the KV Processor can result in field names that you cannot control. Consider using the <<flattened>> data type instead, which maps an entire object as a single field and allows for simple searches over its contents.
    24. 

  24. 

  25. [[kv-options]]
    26. 

  26. .KV Options
    27. 

  27. [options="header"]
    28. 

  28. |======
    29. 

  29. | Name             | Required  | Default  | Description
    30. 

  30. | `field`          | yes       | -        | The field to be parsed
    31. 

  31. | `field_split`    | yes       | -        | Regex pattern to use for splitting key-value pairs
    32. 

  32. | `value_split`    | yes       | -        | Regex pattern to use for splitting the key from the value within a key-value pair
    33. 

  33. | `target_field`   | no        | `null`   | The field to insert the extracted keys into. Defaults to the root of the document
    34. 

  34. | `include_keys`   | no        | `null`   | List of keys to filter and insert into document. Defaults to including all keys
    35. 

  35. | `exclude_keys`   | no        | `null`   | List of keys to exclude from document
    36. 

  36. | `ignore_missing` | no        | `false`  | If `true` and `field` does not exist or is `null`, the processor quietly exits without modifying the document
    37. 

  37. | `prefix`         | no        | `null`   | Prefix to be added to extracted keys
    38. 

  38. | `trim_key`       | no        | `null`   | String of characters to trim from extracted keys
    39. 

  39. | `trim_value`     | no        | `null`   | String of characters to trim from extracted values
    40. 

  40. | `strip_brackets` | no        | `false`  | If `true` strip brackets `()`, `<>`, `[]` as well as quotes `'` and `"` from extracted values
    41. 

  41. include::common-options.asciidoc[]
    42. 

  42. |======
    43.