Get indexed Elasticsearch document body from Logstash

NominaSumpta · February 10, 2022, 3:47pm

Hi,

Is there a way to see the exact body of a document that Logstash indexed? I'm using the Elasticsearch output plugin.

Context: in our production environment, some data is output into Elasticsearch by Logstash. In Elasticsearch, the document has a multi-field (text and keyword). However, keyword is missing in the test. In my test, the documents that Logstash output in production are added manually; I only index the '_source' of the document. I'd like to know the exact document that Logstash indexes to get the mapping right.

Tomo_M · February 11, 2022, 3:59am

_source fields store just as the _source fields in the inputs to Elasticsearch.
Elasticsearch output plugin constructs _source field from any fields in the events in Logstash other than metadata.

The keyword field was created by Elasticsearch according to the multi-field mappings of the target index.
What do you want to get? Can you share sample of stdout ouput and what you want store in Elasticsearch?

output {
  stdout {}
}

NominaSumpta · February 11, 2022, 8:01am

Turns out I do actually have the keyword field in the test documents. Thanks for your reply nonetheless.

Topic		Replies	Views
Why is my document result embedded in "doc" field when importing via Logstash to Elasticsearch? Logstash	1	319	January 20, 2020
Logstash get field from elasticsearch message Logstash	5	720	February 5, 2018
How to get all the source from json that indexed with logstash Logstash	1	335	April 5, 2020
Elastic Search Logstash how to query all fields and get all fields into pipeline? Logstash	1	306	May 5, 2022
Logstash Elasticsearch Input Plugin no source data Logstash	1	309	August 2, 2018

Get indexed Elasticsearch document body from Logstash

Related topics