Forwarding the http input data to http output data

Badger · March 12, 2025, 8:24pm

For the original data format the following might work

    mutate { gsub => [ "message", "\r", "" ] }
    mutate { split => { "message" => "
" } }
    ruby {
        code => '
            msg = event.get("message")
            if msg.is_a? Array
                while msg.length > 1 do
                    clone = event.clone
                    clone.set("message", msg.shift(2))

                    new_event_block.call(clone)
                end
                if msg.length > 0
                    logger.warn("Content is uneven")
                    event.set("message", msg)
                else
                    event.cancel
                end
            end
        '
    }
    if [message][1] {
        json { source => "[message][1]" }
        json { source => "[message][0]" target => "[@metadata][operation]" }
    }

and in the output section

if [@metadata][index] {
    elasticsearch {
        index => "%{[@metadata][operation][index][_index]}"
        ....

As noted before, this doesn't handle create, update, etc.

Topic		Replies	Views
Forwarding my bulk records from Http Input Plugin to Elasticsearch Output Plugin - Discuss the Elastic Stack Logstash	23	79	March 17, 2025
Http output plugin json_batch format to Http input plugin Logstash	9	3652	May 31, 2018
File input plugin not sending to elasticsearch Logstash	4	1232	November 9, 2017
How to send headers using http input plugin in logstash Logstash	4	760	June 30, 2020
Using request_path to create output filter? Logstash	3	1070	May 2, 2018

Forwarding the http input data to http output data

Related topics