We can further check whether our Logstash installation supports the csv output:
./bin/logstash-plugin list --group output
This shows:
logstash-output-cloudwatch
logstash-output-csv
... ...
Create a new file named convert_csv.conf:
input {
  elasticsearch {
    hosts => "localhost:9200"
    index => "kibana_sample_data_ecommerce"
    query => '{
      "query": {
        "bool": {
          "must": [
            {
              "match": {
                "currency": "EUR"
              }
            },
            {
              "match": {
                "products.quantity": 1
              }
            }
          ]
        }
      }
    }'
  }
}
output {
  csv {
    # These are the fields that you would like to output in CSV format.
    # Each field needs to be one of the fields shown in the output when you run your
    # Elasticsearch query
    fields => ["category", "customer_birth_date", "customer_first_name", "customer_full_name", "day_of_week"]
    # This is where we store output. We can use several files to store our output
    # by using a timestamp to determine the filename where to store output.
    path => "/Users/demo/tmp/csv-export.csv"
  }
}
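Note that the path above must be changed to a location that suits your own environment. The fields setting defines the fields we want in the export.
Then we can run Logstash: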
./bin/logstash -f ~/data/convert_csv.conf
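Once the export has run, the file is worth checking before it is shared or opened in a spreadsheet. The following is an added example, not part of the original article: it assumes the export has no header row, so the column order is taken from the fields list in convert_csv.conf, and the sample rows and the audit_export helper are constructed for illustration.

```python
import csv
import io

# Field order copied from the `fields` setting in convert_csv.conf. The export is
# assumed to have no header row, so this list is what gives each column its name.
FIELDS = ["category", "customer_birth_date", "customer_first_name",
          "customer_full_name", "day_of_week"]

# Leading characters that spreadsheet applications treat as the start of a formula.
# Legitimate negative numbers are flagged too, so review hits rather than drop them.
FORMULA_LEAD = ("=", "+", "-", "@")


def audit_export(stream, fields=FIELDS):
    """Return (rows, problems) for a headerless CSV export.

    rows     -- list of dicts keyed by field name, for rows with the expected width
    problems -- list of (line_number, field_or_None, reason) tuples
    """
    rows, problems = [], []
    reader = csv.reader(stream)
    for record in reader:
        lineno = reader.line_num
        if len(record) != len(fields):
            # A short or long row means the data and the fields list are out of step.
            problems.append((lineno, None,
                             f"expected {len(fields)} columns, got {len(record)}"))
            continue
        row = dict(zip(fields, record))
        for name, value in row.items():
            if value.lstrip().startswith(FORMULA_LEAD):
                problems.append((lineno, name, "cell starts with a formula character"))
        rows.append(row)
    return rows, problems


# Constructed sample rows (not real output from the sample data set).
SAMPLE = io.StringIO(
    "Men's Clothing,1982-06-03T00:00:00+00:00,Eddie,Eddie Underwood,Monday\n"
    "Women's Shoes,1976-01-12T00:00:00+00:00,Mary,=1+1,Sunday\n"
    "Men's Shoes,1990-04-01T00:00:00+00:00,Oliver\n"
)

if __name__ == "__main__":
    rows, problems = audit_export(SAMPLE)
    print(f"{len(rows)} rows with the expected width")
    for lineno, field, reason in problems:
        print(f"line {lineno}: {field or '-'}: {reason}")
```

To check a real export, open the file configured in path with newline="" and pass the file object to audit_export.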