Elasticsearch filter is not working in logstash

Elastic Stack Logstash
1

Hi,
I'm using new version of logstash(5.2.0) and i'm facing correlation issue in that. Kinldy find the below detail of my issue,

Actually im trying to move some fields from index 1 to another index 2.
Already i processed the index 1 data and indexed in elasticsearch. Elasticsearch filter condition is written in index 2 to fetch the value from index 1. Please find the elasticsearch query below

elasticsearch {
				query_template => "/template.json"
			  					
		               }

template.json

{
    "query": {
      "query_string": {
       "query": "type:gvsh_reqold AND dlr_dlrCode:%{dlr_dlrCode} AND getVehicle_VIN:%{getVehicle_VIN}"
      }
    },
   "_source": ["vehicle_SSC","vehicle_SSC"]
 }

i want to tranfer the vehicle_SSC from index 1 to index 2. I'm not getting any error in logstash and please find the logstash message below,

[2017-02-21T23:37:46,627][INFO ][logstash.filters.elasticsearch] Querying elasticsearch for lookup {:params=>{:index=>"", :body=>{"query"=>{"query_string"=>{"query"=>"type:gvsh_reqold AND dlr_dlrCode:0231236 AND getVehicle_VIN:abcd123"}}, "_source"=>["vehicle_SSC", "vehicle_SSC"]}}}

Please help me to resolve this issue asap.

2

@magnusbaeck can you give me the solution for my query

3

Hi Ganesh,

I am also facing the same issue. Please let me know if you have find any solution for it.

@elasticsearch is there any bug on this version which correlation is not happening as expected. It was working fine in my previous version 2.3 and 2.4

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.