logstash的數據源爲json,
部分數據
"level" => {
"levelStr" => "ERROR",
"level" => 40000
},
"type" => "community",一、用某個字段作爲過濾條件
filter {
if [type] != "community"{
drop {}
}
}二、用某個二級字段作爲過濾條件
filter {
if [level][levelStr] != "ERROR"{
drop {}
}
}參考:
https://discuss.elastic.co/t/how-to-refer-to-subfield-in-logstash/79474