Curl in logstash conf

Shekhar_Pandey · December 6, 2017, 5:29am

Can we use curl option in logstash conf...is this possible or not....

Thank you.

warkolm · December 6, 2017, 5:37am

You can, but why would you use that?
There is http_poller, or metricbeat or other, better options.

Shekhar_Pandey · December 6, 2017, 5:44am

Thanks for reply...Actually I want to use update_by_query API which Kibana code given below:
POST sam/products/_update_by_query
{
"query" : {
"constant_score" : {
"filter" : {
"term" : {
"title" : "redmi note 4"
}
}
}
},
"script" : {
"lang":"painless",
"source" : "ctx._source.frequency++"

}
}

I dont know how to run through logstash conf....if you have any sample...it's will be very useful...Below is my logstash query conf...file but I dont know how to use update_by_query API..so I am thinking to use curl in logstash..

input {
elasticsearch {
hosts => "localhost:9200"
index => "queryindex"
query => '
{
"query" : {
"term" : {
"tags" : "solr"
}
}}'
}
}
output {
stdout{
codec => rubydebug
}
csv {
fields => ["id"]
path => "/root/sam/csv-export1.csv"
}
}

Any suggestion you want to give ....

Thank you.

warkolm · December 6, 2017, 5:57am

So you want to take that query and then the update?

Shekhar_Pandey · December 6, 2017, 6:01am

Yes warkolm.....but update_by_query is API and I don't know how to use in that logstash conf ....

warkolm · December 6, 2017, 6:31am

The query in the input looks for solr, but the update is for phones though?

Shekhar_Pandey · December 6, 2017, 6:35am

No ..actually I just show you my logstash query conf file....above query where I am doing with update_by_query I want to fix in logstash conf file....

Shekhar_Pandey · December 6, 2017, 6:35am

This is below query with logstash..
input {
elasticsearch {
hosts => "localhost:9200"
index => "sam"
query => '
{
"query" : {
"constant_score" : {
"filter" : {
"term" : {
"title" : "redmi note 4"
}
}
}
},
"script" : {
"lang":"painless",
"source" : "ctx._source.frequency++"

}'
}
}
output {
stdout{
codec => json_lines
}
elasticsearch {
action => "_update_by_query"
hosts => ["localhost:9200"]
index => "sam"
document_type => "products"

}
}

NerdSec · December 6, 2017, 10:38am

Hi Shekhar,

I don't think you need to use the update by query option.

Please have a look at:

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-action

Regards,
N

Shekhar_Pandey · December 6, 2017, 11:03am

Thanks NerdSec for reply. So I have to write python API...

NerdSec · December 7, 2017, 6:10am

Not required. Just use the elasticsearch output and mention the action as update instead of index.

system · January 4, 2018, 6:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.