I have written one Logstash script for update.
This script will update or insert if the record is not present in elasticsearch.
I am using doc_as_upsert as true for that.
input {
file {
path => "C:/PADS_ELK/Logstash/logstash-5.4.1/data/input.txt"
start_position => "beginning"
}
}
filter{
csv{
columns => ["col1","col2","col3"]
separator => ","
}
ruby {
add_field => {
"col3" => "%{[@timestamp]}"
"updated_by" => "batch"
}
code => "if event.get('col1').to_i < 1000
event.set('col1','1000')
end
if event.get('col2').to_i < 10
event.set('col2','10')
end"
remove_field => ["message", "path","@version","@timestamp","type","host"]
}
}
output {
stdout { codec => rubydebug }
elasticsearch{
hosts => ["localhost:9200"]
index => "my_index"
action => "update"
document_type => "my_type"
document_id => "%{col1}%{col2}%{col3}"
doc_as_upsert => "true"
}
}
For updating the records, it is fine. But, I want to add one more field if this is insert. How can I do that?