How Logstash reparse Elasticsearch input

Abhishek · September 16, 2016, 11:05am

Hi All,

Suppose I have elasticsearch index_1 with some data. I've created a new index index_2 and created a logstash pipeline to replicate data from index_1 to index_2. After having all data in index_2, pipeline is closed.

Now I've inserted new documents in index_1, and run logstash pipeline again. What will happen now,

will it replicate all the data from index_1?
or only newly created documents will be considered? if yes, how logstash keep tracking of documents. I can see 'timestamp' added in logs, but not able to understand the behaviour.

Thanks,
Abhishek

warkolm · September 17, 2016, 5:50am

It will do the first one unless you put a query that's associated with the timeframe in the input.

Topic		Replies	Views
Elasticsearch input on logstash duplicating documents Logstash	1	291	October 20, 2020
Reindex data on old ES version using Logstash Logstash	6	257	June 10, 2021
Will logstash duplicate already indexed data in elasticsearch? Logstash	2	1122	July 6, 2017
Reparsing same files Logstash	2	296	November 5, 2018
Will the elasticsearch input plugin of logstash ensure no repeat reading after restart? Logstash	1	165	June 6, 2023

How Logstash reparse Elasticsearch input

Related Topics