ES input : ingest aggregation result

smcooper · August 7, 2017, 5:07pm

Hi,

I would like to create an Elasticsearch index containing the result of an aggregation (some statistics), and not the documents of the source index.
I get the expected result from Elasticsearch by including "size":0 in my query, but I can't manage to have logstash ingesting this result through the ES input.
When I define the "size => 0" in the ES input, the query results (stats) aren't indexed at all (more exactly I get nothing out of it, including with stdout{ codec => rubydebug }). If size is positive the hits are indexed.

Could anybody tell me if/how I can index the aggregation result?
Thanks,

Steph

input {
  elasticsearch {
        ...
        index => "logstash-index*" 
        size => 0 
        query => '{ "size":0,  "aggs": {"... "}}' 
}

system · September 4, 2017, 5:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Indexing Aggregate Results Logstash	1	231	November 4, 2019
Aggregation Query possible input ES plugin Logstash	4	5092	July 6, 2017
How to get ES aggregation data as Logstash input? Logstash	5	3581	July 6, 2017
Elasticsearch aggregate Query from logstash Logstash	2	404	December 14, 2017
Logstash - Elastic search input plugin - Aggregation query doesn't seem to work Logstash	2	3256	April 22, 2019

ES input : ingest aggregation result

Related topics