Create elastic field alias


Is it possible for logstash to alias fields as described in the elastic docs below?

Not sure what you think logstash could do related to aliases. An alias allows a different name to be used when sending a search request to elasticsearch. If logstash sends a query to elasticsearch (either an input or a filter) then I would certainly expect it to be able to use an alias. Other than that, what would you want logstash to do?

I have some existing fields that are parsed from events; I wanted to add an alias to these fields.

For example:

grok {
    match => {
      "message" => "%{GREEDYDATA:foo}"
    }
}

I now want to add an alias bar that I can use for search.

I looked at mutate.add_field but this will add a field to the document that will not be coupled to the originally parsed field.

So set the mapping of the index in elasticsearch such that bar is an alias for foo.

The ELK stack is disposable, and indexes and their settings are not persisted. Plus, I'm using datastreams to create the index rather than manually setting them up.

I was wondering if I can define an alias at parse time using logstash; I'm guessing not.
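
Added example, not part of the thread and not Elastic's code: a field alias lives in the index mapping rather than in the event, so on a disposable stack one way to keep `bar` coupled to `foo` is to put the alias in the composable index template that a data stream's backing indices are created from. The template name, index pattern, priority and the `text` type for `foo` are assumptions, and only top-level fields are handled.

```python
import json

def build_alias_template(index_patterns, fields, aliases, priority):
    """Build a composable index template body that maps field aliases.

    fields:  {name: mapping} for concrete top-level fields, e.g. {"foo": {"type": "text"}}
    aliases: {alias_name: target_field}, e.g. {"bar": "foo"}
    """
    properties = dict(fields)
    for alias, target in aliases.items():
        if alias in fields:
            raise ValueError(f"{alias!r} is already a concrete field")
        # The alias target has to be present in the mapping when the alias is
        # created, so a field left to dynamic mapping cannot be aliased here.
        if target not in fields:
            raise ValueError(f"alias {alias!r}: target {target!r} is not mapped")
        # The target must be a concrete field, not an object or another alias.
        if fields[target].get("type") in (None, "object", "nested", "alias"):
            raise ValueError(f"alias {alias!r}: target {target!r} is not a concrete field")
        properties[alias] = {"type": "alias", "path": target}
    return {
        "index_patterns": list(index_patterns),
        "data_stream": {},  # backing indices of matching data streams use this template
        "priority": priority,
        "template": {"mappings": {"properties": properties}},
    }

if __name__ == "__main__":
    body = build_alias_template(
        index_patterns=["logs-myapp-*"],   # constructed pattern, adjust to your stream
        fields={"foo": {"type": "text"}},  # assumed type for the grok capture
        aliases={"bar": "foo"},
        priority=500,  # assumed value; must outrank other matching templates
    )
    # Send as the body of: PUT _index_template/myapp-aliases (hypothetical name)
    print(json.dumps(body, indent=2))
```

The template has to be installed before the data stream's first backing index is created, so on a disposable stack it belongs in the provisioning step that brings Elasticsearch up.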
