Hi,
I would like to set the user of the elasticsearch output plugin dynamically based on the value of a field. Using the the syntax like %{user} doesn't work. Is there a way to achieve what I want?
All events in a batch sent to an Elasticsearch output will be indexed as a single bulk request, so different events can not log in as different users. For that I believe you will need to use different output plugins. What is the rationale behind this requirement?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.