Is there a way to see the exact body of a document that Logstash indexed? I'm using the Elasticsearch output plugin.
Context: in our production environment, some data is output into Elasticsearch by Logstash. In Elasticsearch, the document has a multi-field (text and keyword). However, keyword is missing in the test. In my test, the documents that Logstash output in production are added manually; I only index the '_source' of the document. I'd like to know the exact document that Logstash indexes to get the mapping right.
_source fields are stored just as the _source fields in the inputs to Elasticsearch.
The Elasticsearch output plugin constructs the _source field from any fields in the events in Logstash other than metadata.
The keyword field was created by Elasticsearch according to the multi-field mappings of the target index.
What do you want to get? Can you share a sample of the stdout output and what you want to store in Elasticsearch?