Hi,
I use Logstash with two pipelines. The first will process log file comming from SVI (Vocal server) and index fields into the index called "svi".The second pipeline process CDR (call details records) and index fields into the "cdr_sbc" index.
In the second logstash config I use the elasticsearch filter to copy fields from the document that has the same "ID appelSVI" in the "svi" index to the document in the "cdr_sbc" index.
So there is the situation. First the first pipeline process the logs from the SVI and I obtain this document with this "ID appelSVI" :
After that the second pipeline run and process CDR. In the logstash config I used the elasticsearch filter
:
elasticsearch{
hosts => ["localhost:9200"]
index=> "svi"
query => "ID appelSVI:%{ID appelSVI}"
fields =>{
"UD_CODESVI" => "UD_CODESVI"
}
}
I think my config is not bad. I obtain this message that tell me that there is no "ID appelSVI" in the "svi" index that match witch the "ID appelSVI" obtained in the CDR ;
There is a screenshot from the document in the "cdr_sbc" index that has this "ID appelSVI". As you can see that's the same that those in the "svi" index (there is no spaces at the beginning or at the end).
