1

我得到了一个 siddhi 的工作代码,我想知道它是否可以使用没有封闭元素的 json 格式输出事件。

我试着把一个空的 enclosing.element 和 $. ,但它们似乎都不起作用。

@sink(type = 'file', file.uri = "/var/log/cert/output/{{name}}", 
    @map(type = 'json', fail.on.missing.attibute = "false",enclosing.element="$."))
define stream AlertStream (timestamp long, name string, ipsrc string, ipdst string, evento string, tipoAmenaza string, eventCategory string, severity string, network string, threatId string, eventTech string, eventArea string, urlOriginal string, eventID string, tag string);

我得到了以下结果

{"event":{"timestamp":1562232334157,"name":"client_name","ipsrc":"192.168.1.1","ipdst":"192.168.1.2","evento":"threat","tipoAmenaza":"file","eventCategory":"alert","severity":"medium","network":"192.168.0.0-192.168.255.255","threatId":"spyware","eventTech":"firewall","eventArea":"fwaas","urlOriginal":"undefined","eventID":"901e1155-5407-48ce-bddb-c7469fcf5c48","tag":"[Spyware-fwaas]"}}

并且期望的输出是

{"timestamp":1562232334157,"name":"client_name","ipsrc":"192.168.1.1","ipdst":"192.168.1.2","evento":"threat","tipoAmenaza":"file","eventCategory":"alert","severity":"medium","network":"192.168.0.0-192.168.255.255","threatId":"spyware","eventTech":"firewall","eventArea":"fwaas","urlOriginal":"undefined","eventID":"901e1155-5407-48ce-bddb-c7469fcf5c48","tag":"[Spyware-fwaas]"}
4

1 回答 1

0

您必须使用带有 @payload 注释的自定义映射。有关更多信息,请参阅https://siddhi-io.github.io/siddhi-map-json/api/5.0.2/#json-sink-mapper

@sink(type='inMemory', topic='{{symbol}}', 
     @map(type='json', 
         @payload( """{"StockData":{"Symbol":"{{symbol}}","Price":{{price}}}""")))
define stream BarStream (symbol string, price float, volume long);
于 2019-07-05T08:58:26.647 回答