With the introduction of the new join datatype, parent child relationships have been updated to a new format. How can I use Logstash to specify the field that will be used as the join between the parent and the child.
Docuemntation: https://www.elastic.co/guide/en/elasticsearch/reference/current/parent-join.html
I also see that the Elastic Search output plugin has a parent field that will allow me to set the parent for the child but how do I setup the mapping to begin with using Logstash?
I figured it out:
First setup your mapping to create the join field.:
(Not sure how to do this straight from logstash. If someone else does please let me know.)
PUT logstash-index-name
{
"mappings": {
"doc": {
"properties": {
"join_field": {
"type": "join",
"relations": {
"customer": "actions"
}
}
}
}
}
}
You can add a parent via Logstash with:
mutate {
add_field => { "join_field" => "customer" }
}
And you can add a child like this:
mutate {
add_field => {"[join_field][name]" => "actions"}
add_field => {"[join_field][parent]" => "%{parent_id}"}
}
You also need to add the routing id in the Logstash output Elastic Search plugin:
if [type] == "child_actions" {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "logstash-index-name"
routing => "%{parent_id}"
}
}
All child documents will now have the "join_field" as a nested field.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.