Curl in logstash conf

Shekhar_Pandey · December 6, 2017, 5:29am

Can we use curl option in logstash conf...is this possible or not....

Thank you.

warkolm · December 6, 2017, 5:37am

You can, but why would you use that?
There is http_poller, or metricbeat or other, better options.

Shekhar_Pandey · December 6, 2017, 5:44am

Thanks for reply...Actually I want to use update_by_query API which Kibana code given below:
POST sam/products/_update_by_query
{
"query" : {
"constant_score" : {
"filter" : {
"term" : {
"title" : "redmi note 4"
}
}
}
},
"script" : {
"lang":"painless",
"source" : "ctx._source.frequency++"

}
}

I dont know how to run through logstash conf....if you have any sample...it's will be very useful...Below is my logstash query conf...file but I dont know how to use update_by_query API..so I am thinking to use curl in logstash..

input {
elasticsearch {
hosts => "localhost:9200"
index => "queryindex"
query => '
{
"query" : {
"term" : {
"tags" : "solr"
}
}}'
}
}
output {
stdout{
codec => rubydebug
}
csv {
fields => ["id"]
path => "/root/sam/csv-export1.csv"
}
}

Any suggestion you want to give ....

Thank you.

warkolm · December 6, 2017, 5:57am

So you want to take that query and then the update?

Shekhar_Pandey · December 6, 2017, 6:01am

Yes warkolm.....but update_by_query is API and I don't know how to use in that logstash conf ....

warkolm · December 6, 2017, 6:31am

The query in the input looks for solr, but the update is for phones though?

Shekhar_Pandey · December 6, 2017, 6:35am

No ..actually I just show you my logstash query conf file....above query where I am doing with update_by_query I want to fix in logstash conf file....

Shekhar_Pandey · December 6, 2017, 6:35am

This is below query with logstash..
input {
elasticsearch {
hosts => "localhost:9200"
index => "sam"
query => '
{
"query" : {
"constant_score" : {
"filter" : {
"term" : {
"title" : "redmi note 4"
}
}
}
},
"script" : {
"lang":"painless",
"source" : "ctx._source.frequency++"

}'
}
}
output {
stdout{
codec => json_lines
}
elasticsearch {
action => "_update_by_query"
hosts => ["localhost:9200"]
index => "sam"
document_type => "products"

}
}

NerdSec · December 6, 2017, 10:38am

Hi Shekhar,

I don't think you need to use the update by query option.

Please have a look at:

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-action

Regards,
N

Shekhar_Pandey · December 6, 2017, 11:03am

Thanks NerdSec for reply. So I have to write python API...

NerdSec · December 7, 2017, 6:10am

Not required. Just use the elasticsearch output and mention the action as update instead of index.

Topic		Replies	Views
Update by query in Logstash Logstash painless	1	1015	January 14, 2022
Problems doing an _update_by_query with the logstash http output plugin Logstash	4	1552	August 8, 2018
Error in logstash output by using elasticsearch update by query Logstash painless	1	375	October 12, 2022
Problem updating logs using elasticsearch ouput Logstash	1	356	June 5, 2017
How to update a document in elasticsearch with logstash http output plugin Logstash	5	2862	December 14, 2017

Curl in logstash conf

Related topics