Elasticsearch Input Filter Returns %{message}

ben-10 · February 13, 2017, 10:11pm

Attempting to use the Elasticsearch input plugin on Logstash 5.2.0, but with the following config:

input {
   elasticsearch {
      hosts => "esearch-cn1:9200"
      index => "logstash_sa_2017.02.06"
      query => '{ "query": { "term": { "parsed_xml.UserID": "testuser" } } }'
   }
}
output {
   std{}
}

With or without the query, the data returned looks like:

2017-02-06T11:37:50.000Z logaggp %{message}
2017-02-06T11:39:50.000Z logaggp %{message}
2017-02-06T12:19:52.000Z logaggp %{message}

Before I go any deeper with query or the final out, what am I missing to get the actual data?

msimos · February 13, 2017, 11:29pm

Hi,

Try using:

output {
stdout { codec => rubydebug }
}

You can start off by using a match_all query and see if that works to be sure you're getting some data.

system · March 13, 2017, 11:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Input elasticsearch plugin and codec Logstash	1	305	December 5, 2018
While using elastic search as the input, not able to fetch data using the same index in elastic seach plugin for filter Logstash	3	293	December 27, 2018
Elasticsearch Input Seems To Not Use Provided Query - It Just Dumps All docs in Index Logstash	2	547	September 14, 2017
I don't want all data output to the elasticsearch Logstash	3	565	September 20, 2017
ElasticSearch Input and data manipulation Logstash	4	690	February 28, 2020

Elasticsearch Input Filter Returns %{message}

Related topics