mirror of
https://github.com/elastic/logstash.git
synced 2025-04-25 07:07:54 -04:00
DeDe Morton
parent
0fabd5bacf
commit
d7485daee3
1 changed files with 74 additions and 2 deletions
76
docs/static/transforming-data.asciidoc
vendored
76
docs/static/transforming-data.asciidoc
vendored
|
|
@ -380,7 +380,7 @@ filter {
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
<<plugins-filters-elasticsearch,elasticsearch>>::
|
<<plugins-filters-elasticsearch,elasticsearch filter>>::
|
||||||
|
|
||||||
Copies fields from previous log events in Elasticsearch to current events.
|
Copies fields from previous log events in Elasticsearch to current events.
|
||||||
+
|
+
|
||||||
|
|
@ -450,7 +450,79 @@ For example:
|
||||||
}
|
}
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
<<plugins-filters-jdbc_streaming,jdbc_streaming>>::
|
|
||||||
|
<<plugins-filters-jdbc_static,jdbc_static filter>>::
|
||||||
|
|
||||||
|
Enriches events with data pre-loaded from a remote database.
|
||||||
|
+
|
||||||
|
The following example fetches data from a remote database, caches it in a local
|
||||||
|
database, and uses lookups to enhance events with data cached in the local
|
||||||
|
database.
|
||||||
|
+
|
||||||
|
[source,json]
|
||||||
|
-----
|
||||||
|
filter {
|
||||||
|
jdbc_static {
|
||||||
|
loaders => [
|
||||||
|
{
|
||||||
|
id => "remote-servers"
|
||||||
|
query => "select ip, descr from ref.local_ips order by ip"
|
||||||
|
local_table => "servers"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
id => "remote-users"
|
||||||
|
query => "select firstname, lastname, userid from ref.local_users order by userid"
|
||||||
|
local_table => "users"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
local_db_objects => [
|
||||||
|
{
|
||||||
|
name => "servers"
|
||||||
|
index_columns => ["ip"]
|
||||||
|
columns => [
|
||||||
|
["ip", "varchar(15)"],
|
||||||
|
["descr", "varchar(255)"]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name => "users"
|
||||||
|
index_columns => ["userid"]
|
||||||
|
columns => [
|
||||||
|
["firstname", "varchar(255)"],
|
||||||
|
["lastname", "varchar(255)"],
|
||||||
|
["userid", "int"]
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
local_lookups => [
|
||||||
|
{
|
||||||
|
id => "local-servers"
|
||||||
|
query => "select descr as description from servers WHERE ip = :ip"
|
||||||
|
parameters => {ip => "[from_ip]"}
|
||||||
|
target => "server"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
id => "local-users"
|
||||||
|
query => "select firstname, lastname from users WHERE userid = :id"
|
||||||
|
parameters => {id => "[loggedin_userid]"}
|
||||||
|
target => "user"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
# using add_field here to add & rename values to the event root
|
||||||
|
add_field => { server_name => "%{[server][0][description]}" }
|
||||||
|
add_field => { user_firstname => "%{[user][0][firstname]}" }
|
||||||
|
add_field => { user_lastname => "%{[user][0][lastname]}" }
|
||||||
|
remove_field => ["server", "user"]
|
||||||
|
jdbc_user => "logstash"
|
||||||
|
jdbc_password => "example"
|
||||||
|
jdbc_driver_class => "org.postgresql.Driver"
|
||||||
|
jdbc_driver_library => "/tmp/logstash/vendor/postgresql-42.1.4.jar"
|
||||||
|
jdbc_connection_string => "jdbc:postgresql://remotedb:5432/ls_test_2"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
-----
|
||||||
|
|
||||||
|
<<plugins-filters-jdbc_streaming,jdbc_streaming filter>>::
|
||||||
|
|
||||||
Enriches events with database data.
|
Enriches events with database data.
|
||||||
+
|
+
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue