Hi,
I need to delete all documents and then add documents from logstash, in the same query.
Is this possible?
How can I do?
What you are looking for is not possible via logstash.
I have same requirement hence this is what I do. but in my case record count is small and that is why it works.
I run a bash cron script at 08:01 which deletes all record from index.
and logstash runs at 08:02 which pulls new data and insert in same index
inside bash script this is what I do
sleep 50
curl -u {elk_user}:{elk_user_password} -X POST "localhost:9200/myidex-2020/_delete_by_query" -H "Content-Type: application/json" -d"
{ "query": { "match_all": {} } } "
this means all data is unavailable for only 10 to 20 second. as delete works at 08:01:50 and new data gets pull at 08:02:00
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.