logstash 收集 http POST请求中的json日志时，字段冲突问题

https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html

修改

vim /etc/logstash/logstash.yml


pipeline.ecs_compatibility: disabled

不关闭的话，会自动添加这几个字段
可能会与json中的同名字段冲突

{
    "@version" => "1",
    "user_agent" => {
        "original" => "curl/7.64.1"
    },
    "http" => {
        "method" => "PUT",
        "request" => {
            "mime_type" => "application/x-www-form-urlencoded",
            "body" => {
                "bytes" => "5"
            }
        },
        "version" => "HTTP/1.1"
    },
    "url" => {
          "port" => "8080",
        "domain" => "snmp1",
          "path" => "/twitter/tweet/1"
    },
    "@timestamp" => 2021-05-28T23:32:38.222Z,
    "host" => {
        "ip" => "127.0.0.1"
    },
    "message" => "hello",
}

会有类似的报错

JSON parse error, original data now in message field {:message=>"Could not set field 'domain' on object 'https://www.example.com/.gif' to value 'localhost'.This is probably due to trying to set a field like [foo][bar] = someValuewhen [foo] is not either a map or a string", :