Hi,
I would like to set the user of the elasticsearch output plugin dynamically based on the value of a field. Using the the syntax like %{user} doesn't work. Is there a way to achieve what I want?
All events in a batch sent to an Elasticsearch output will be indexed as a single bulk request, so different events can not log in as different users. For that I believe you will need to use different output plugins. What is the rationale behind this requirement?