Looking around on this, is there a guide somewhere (noob guide) that shows how to periodically aggregate data from two sources in my default time index (logs from filebeat to logstash to elasticsearch) to a new index based on my search criteria?
eg. want to bundle up matching data from default index (2 sources) to new index that combines the 2 sources on a matching field and then feed that into Kib
but how do i do this search and create index?
thanks 1000 times
You could use the Elasticsearch input for Logstash to grab the first doc, then use the Elasticsearch filter to grab the second, then merge them accordingly.
As for scheduling, you'd have to use something external to Logstash to do that (eg cron).
i looked at elasticsearch filter.. it could do
need to figure out how it would merge and output a log into a new index
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.