Elasticsearch filter is not working in logstash

Ganesh2303 · February 22, 2017, 7:45am

Hi,
I'm using new version of logstash(5.2.0) and i'm facing correlation issue in that. Kinldy find the below detail of my issue,

Actually im trying to move some fields from index 1 to another index 2.
Already i processed the index 1 data and indexed in elasticsearch. Elasticsearch filter condition is written in index 2 to fetch the value from index 1. Please find the elasticsearch query below

elasticsearch {
				query_template => "/template.json"
			  					
		               }

template.json

{
    "query": {
      "query_string": {
       "query": "type:gvsh_reqold AND dlr_dlrCode:%{dlr_dlrCode} AND getVehicle_VIN:%{getVehicle_VIN}"
      }
    },
   "_source": ["vehicle_SSC","vehicle_SSC"]
 }

i want to tranfer the vehicle_SSC from index 1 to index 2. I'm not getting any error in logstash and please find the logstash message below,

[2017-02-21T23:37:46,627][INFO ][logstash.filters.elasticsearch] Querying elasticsearch for lookup {:params=>{:index=>"", :body=>{"query"=>{"query_string"=>{"query"=>"type:gvsh_reqold AND dlr_dlrCode:0231236 AND getVehicle_VIN:abcd123"}}, "_source"=>["vehicle_SSC", "vehicle_SSC"]}}}

Please help me to resolve this issue asap.

Ganesh2303 · February 23, 2017, 7:23am

@magnusbaeck can you give me the solution for my query

rajkamalkool6 · February 28, 2017, 5:48am

Hi Ganesh,

I am also facing the same issue. Please let me know if you have find any solution for it.

@elasticsearch is there any bug on this version which correlation is not happening as expected. It was working fine in my previous version 2.3 and 2.4

system · March 28, 2017, 5:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.