Dynamic index

wuwo1952368901 · October 26, 2018, 8:34am

I want to dynamic index from meassage nodename,but it's only show "%{[node_name]}" ,it's not my node_name. How can i config this?

filter {
grok {
match => {
"message"=>"#%{DATA:request_time}#%{DATA:node_name}#%{DATA:class_name}#%{DATA:log_level}#%{DATA:call_site}#%{DATA:line_number}#%{DATA:request_url}#%{DATA:request_method}#%{DATA:container_name}#%{DATA:action_name}#%{DATA:log_info}#%{DATA:exception}#%{DATA:ip}#%{DATA:form}#%{DATA:identity}" }
}
}

output{
elasticsearch{
hosts=>["127.0.0.1:9200"]
index=>"%{[node_name]}"

}

Christian_Dahlqvist · October 26, 2018, 8:45am

Is the grok expression working so that the field is actually extracted? If you look at the data in Elasticsearch, do you see a _grokparsefailure tag? If not, can you show us what anindexed document looks like?

wuwo1952368901 · October 26, 2018, 11:05am

When i use this ,it was ok
output{
elasticsearch{
hosts=>["127.0.0.1:9200"]
index=>"defult"
}
}

but use this,i can't see node_nam in Elasticsearch
output{
elasticsearch{
hosts=>["127.0.0.1:9200"]
index=>"%{[node_name]}"
}
}

Jenni · October 26, 2018, 11:12am

Well, you still haven't posted your indexed events ...

Topic		Replies	Views
Not getting dynamic index in elasticsearch using logstash Logstash	9	2683	May 18, 2017
Dynamically change the index for Elasticsearch in Logstash output Logstash	6	1230	September 10, 2020
Creating index dynamically in ES Elasticsearch	6	2815	July 6, 2017
Use dynamic Index name based on nested field Logstash	5	11504	July 6, 2017
Dynamic index names Logstash	6	3052	September 16, 2021

Dynamic index

Related topics