Failing to parse and aggregate the Existing Index

Hi,

I am trying to parse the existing index with the Logstash config file, but I am failing to parse and aggregate the existing index.

I have attached the config file. Please correct me if I am doing something wrong.

input {
  elasticsearch {
    hosts => "localhost"
    index => "logsummary"
    query => '{ "size":0,"aggs":{ "date_filter":{ "filter":{ "range":{ "timestamp":{ "gte":"now-90d/d","lt":"now/d"}}},"aggregations":{ "tenantName_set":{ "terms":{ "field":"tenantName"},"aggregations":{ "version_set":{ "terms":{ "field":"version"},"aggregations":{ "tier_set":{ "terms":{ "field":"tier"},"aggregations":{ "env_type_set":{ "terms":{ "field":"env_type"},"aggregations":{ "Error_Name_set":{ "terms":{ "field":"Error_Name"}, "aggregations":{ "result_set":{ "terms":{ "field":"Error_Description"}}}}}}}}}}}}}}}}'
  }
}

output {
  stdout {
    codec => dots
  }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "sample-poc-aggregation"
  }
}

Please let me know if you need any additional information.

Thanks,
Pramod

Hi All,

Please can anyone take the initiative and help me with the above issue?

Thanks
Pramod