How to create custom document _id in logstash?

kasliwalroshni · January 23, 2018, 9:38am

This is sample logstash output filter.

output
{
   elasticsearch
   {
        hosts => ["localhost"]
        sniffing => true
        manage_template => false
        index => "mqtt-index-%{+YYYY.MM.dd}"
        document_id => "%{parsedMessage.device_id}"
        document_type => "iot_data"
   }
}

This code changes existing _id as %{parsedMessage.device_id} as it is. How to change _id by another field?

devil_srj7 · January 23, 2018, 9:59am

you can replace "parsedMessage.device_id" in document_id => "%{parsedMessage.device_id}"
by any other field you like.

kasliwalroshni · January 23, 2018, 10:07am

thank you devil_srj7......i got it, but the point is that it takes this string as it is as _id like,

_id = %{parsedMessage.device_id}

magnusbaeck · January 23, 2018, 10:08am

See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references for the syntax of nested fields.

kasliwalroshni · January 23, 2018, 10:22am

Thank you magnusbaeck. But, this is not nested field. The field name itself is parsedMessage.device_id

magnusbaeck · January 23, 2018, 11:31am

Replace the elasticsearch output with a stdout { codec => rubydebug } output and show an example event produced by Logstash.

kasliwalroshni · January 23, 2018, 12:23pm

issue solved

system · February 20, 2018, 12:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Replacing _id field Logstash	3	725	December 23, 2021
Config '_id' generation Logstash	3	807	July 6, 2017
Document_id overwriting all the data Logstash	3	660	November 28, 2017
Document_id is value Logstash	3	2319	December 27, 2020
How to add field value to _Id value using logstash Logstash	1	318	November 8, 2018

How to create custom document _id in logstash?

Related topics