I'm new to elasticsearch and i'm trying to get the last known state from a database to compare it with the actual status, however something is not working
input {
exec {
command => "sh -c '/usr/local/bin/chkdb.sh'"
interval => 30
type => "db_status"
}
}
filter {
if [type] == "db_status" {
if [message] =~ /OK/ {
mutate {
add_field => [ "oradb_status", "UP" ]
}
} else {
mutate {
add_field => [ "oradb_status", "DOWN" ]
}
}
elasticsearch {
query => "type:db_status"
fields => { "oradb_status" => "prev_stat" }
}
}
}
output {
stdout { codec => rubydebug }
elasticsearch { hosts => ["localhost:9200"]
index => "oracle-%{[type]}-%{+YYYY.MM.dd}"
}
}
however when i query the index the field prev_stat is always empty.
Anyone cant tell me what am i doing wrong?
The /usr/local/bin/chkdb.sh script returns OK or ERROR depending if DB is UP or not and its working as in field oradb_status i'm getting values
thanks