Export CSV data from Elasticsearch using Logstash

ice2021 · April 29, 2021, 6:49pm

Hi,

I am trying to extract pivoted data from ES using Logstash. It works on Kibana but not on Logstash.

`Error: [400] {"error":{"root_cause":[{"type":"parsing_exception","reason":"Unknown key for a VALUE_STRING in [query].","line":1,"col":10}],"type":"parsing_exception","reason":"Unknown key for a VALUE_STRING in [query].","line":1,"col":10},"status":400}`

    input {
     elasticsearch {
        hosts => "localhost:9200"
        index => "myindex"
        query => '
      {"query":
          "select * from (select A,B, key, value from myindex) pivot(sum(value) for key in (\"Value1\") )"
          }
      '
      }
    }

This works in Kibana. The only difference is the single quote.

    POST /_sql?format=txt
    {
        "query": "select * from (select A, B, key, value from myindex) pivot(sum(value) for key in ('Value1') )"
    }

Badger · April 29, 2021, 7:10pm

The elasticsearch input uses _search, not _sql, so you cannot use SQL syntax in queries.

ice2021 · April 29, 2021, 9:47pm

Ah thanks. I will convert it.

system · May 27, 2021, 9:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.