mirror of
https://github.com/elastic/logstash.git
synced 2025-04-24 22:57:16 -04:00
DeDe Morton
parent
0fabd5bacf
commit
d7485daee3
1 changed files with 74 additions and 2 deletions
76
docs/static/transforming-data.asciidoc
vendored
76
docs/static/transforming-data.asciidoc
vendored
|
|
@ -380,7 +380,7 @@ filter {
|
|||
--------------------------------------------------------------------------------
|
||||
|
||||
|
||||
<<plugins-filters-elasticsearch,elasticsearch>>::
|
||||
<<plugins-filters-elasticsearch,elasticsearch filter>>::
|
||||
|
||||
Copies fields from previous log events in Elasticsearch to current events.
|
||||
+
|
||||
|
|
@ -450,7 +450,79 @@ For example:
|
|||
}
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
<<plugins-filters-jdbc_streaming,jdbc_streaming>>::
|
||||
|
||||
<<plugins-filters-jdbc_static,jdbc_static filter>>::
|
||||
|
||||
Enriches events with data pre-loaded from a remote database.
|
||||
+
|
||||
The following example fetches data from a remote database, caches it in a local
|
||||
database, and uses lookups to enhance events with data cached in the local
|
||||
database.
|
||||
+
|
||||
[source,json]
|
||||
-----
|
||||
filter {
|
||||
jdbc_static {
|
||||
loaders => [
|
||||
{
|
||||
id => "remote-servers"
|
||||
query => "select ip, descr from ref.local_ips order by ip"
|
||||
local_table => "servers"
|
||||
},
|
||||
{
|
||||
id => "remote-users"
|
||||
query => "select firstname, lastname, userid from ref.local_users order by userid"
|
||||
local_table => "users"
|
||||
}
|
||||
]
|
||||
local_db_objects => [
|
||||
{
|
||||
name => "servers"
|
||||
index_columns => ["ip"]
|
||||
columns => [
|
||||
["ip", "varchar(15)"],
|
||||
["descr", "varchar(255)"]
|
||||
]
|
||||
},
|
||||
{
|
||||
name => "users"
|
||||
index_columns => ["userid"]
|
||||
columns => [
|
||||
["firstname", "varchar(255)"],
|
||||
["lastname", "varchar(255)"],
|
||||
["userid", "int"]
|
||||
]
|
||||
}
|
||||
]
|
||||
local_lookups => [
|
||||
{
|
||||
id => "local-servers"
|
||||
query => "select descr as description from servers WHERE ip = :ip"
|
||||
parameters => {ip => "[from_ip]"}
|
||||
target => "server"
|
||||
},
|
||||
{
|
||||
id => "local-users"
|
||||
query => "select firstname, lastname from users WHERE userid = :id"
|
||||
parameters => {id => "[loggedin_userid]"}
|
||||
target => "user"
|
||||
}
|
||||
]
|
||||
# using add_field here to add & rename values to the event root
|
||||
add_field => { server_name => "%{[server][0][description]}" }
|
||||
add_field => { user_firstname => "%{[user][0][firstname]}" }
|
||||
add_field => { user_lastname => "%{[user][0][lastname]}" }
|
||||
remove_field => ["server", "user"]
|
||||
jdbc_user => "logstash"
|
||||
jdbc_password => "example"
|
||||
jdbc_driver_class => "org.postgresql.Driver"
|
||||
jdbc_driver_library => "/tmp/logstash/vendor/postgresql-42.1.4.jar"
|
||||
jdbc_connection_string => "jdbc:postgresql://remotedb:5432/ls_test_2"
|
||||
}
|
||||
}
|
||||
-----
|
||||
|
||||
<<plugins-filters-jdbc_streaming,jdbc_streaming filter>>::
|
||||
|
||||
Enriches events with database data.
|
||||
+
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue