Hi,
According to https://github.com/logstash-plugins/logstash-output-elasticsearch/issues/129, this seems possible to do now.
I'm trying to index two different sources (2 sql tables), and then correlate a parent-child relationship between them. Currently, ingesting data is perfectly fine. However, I'm really confused how to create the parent-child relationship within logstash... I actually can't even figure out how to do it using POST requests in elastic's examples found here: https://www.elastic.co/guide/en/elasticsearch/guide/current/parent-child-mapping.html or https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-parent-field.html.. the 2nd link gives me a bad request 400 when attempting the 3rd put in SENSE.
My current config file looks like this (I am not doing anything in filter, and ingesting works just fine):
output {
#So I know it is running
stdout {
codec => json_lines
}
if [type] == "alarms"{
elasticsearch{
index => "alarms"
document_type => "alarm"
#the below doesn't work: getting a "reason: can't specify parent if no parent field has been
#configured" I need this to be dynamic based on the value of the document's source_id field
parent => "%{source_id}"
}
}
if [type] == "source"{
elasticsearch{
index => "source"
document_type => "source"
#overwrites the auto-generated unique value for _id with the unique value from source_id
document_id => "%{source_id}"
}
}
}