Hi,
I would like to create an Elasticsearch index containing the result of an aggregation (some statistics), and not the documents of the source index.
I get the expected result from Elasticsearch by including "size":0 in my query, but I can't manage to get Logstash to ingest this result through the ES input.
When I define "size => 0" in the ES input, the query results (stats) aren't indexed at all (more precisely, I get nothing out of it, including with stdout { codec => rubydebug }). If size is positive, the hits are indexed.
Could anybody tell me if/how I can index the aggregation result?
Thanks,
Steph
input {
  elasticsearch {
    ...
    index => "logstash-index*"
    size => 0
    query => '{ "size":0, "aggs": {"... "}}'
  }
}