Hello,
I am trying to use the Elasticsearch filter: Elasticsearch filter plugin | Logstash Reference [6.3] | Elastic
Here is the situation. I have two indexes: "svi" and "cdr_sbc".
This is an example of one document in the "svi" index:
In the second index ("cdr_sbc") I have some fields, including IDAppelSVI, which contains exactly the same value as in the "svi" index.
The common field between the indexes is IDAppelSVI.
Now, I want to use the elasticsearch filter in my Logstash config to add the field UD_CODESVI, which is located in the "svi" index, to the document in the "cdr_sbc" index where the IDAppelSVI is the same.
Here is my Logstash filter config for "cdr_sbc":
elasticsearch {
    hosts => ["localhost:9200"]
    index => "svi"
    query => "IDAppelSVI:%{IDAppelSVI}"
    add_field => {
        "UD_CODESVI" => "%{UD_CODESVI}"
    }
}
Here is the error that is printed:
For information, I'm sure that when I execute the Logstash config file for "cdr_sbc", the document in the "svi" index already exists.
Why can't Elasticsearch find the document that contains the good "IDAppelSVI" and copy the content of "UD_CODESVI" into my document located in the "cdr_sbc" index?
If I execute the query below, I obtain the document that I was looking for. That is the proof that ELK can find my document that contains the "IDAppelSVI" that I provide.
GET svi/_search
{
    "query": {
        "query_string": {
            "query": "IDAppelSVI:SDusk6701-309d91a4e54bb0dea337d210f6a30178-v300g00060"
        }
    },
    "_source": ["UD_CODESVI", "UD_CODESVI"]
}