How to create custom document _id in logstash?

kasliwalroshni · January 23, 2018, 9:38am

This is sample logstash output filter.

output
{
   elasticsearch
   {
        hosts => ["localhost"]
        sniffing => true
        manage_template => false
        index => "mqtt-index-%{+YYYY.MM.dd}"
        document_id => "%{parsedMessage.device_id}"
        document_type => "iot_data"
   }
}

This code changes existing _id as %{parsedMessage.device_id} as it is. How to change _id by another field?

devil_srj7 · January 23, 2018, 9:59am

you can replace "parsedMessage.device_id" in document_id => "%{parsedMessage.device_id}"
by any other field you like.

kasliwalroshni · January 23, 2018, 10:07am

thank you devil_srj7......i got it, but the point is that it takes this string as it is as _id like,

_id = %{parsedMessage.device_id}

magnusbaeck · January 23, 2018, 10:08am

See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references for the syntax of nested fields.

kasliwalroshni · January 23, 2018, 10:22am

Thank you magnusbaeck. But, this is not nested field. The field name itself is parsedMessage.device_id

magnusbaeck · January 23, 2018, 11:31am

Replace the elasticsearch output with a stdout { codec => rubydebug } output and show an example event produced by Logstash.

kasliwalroshni · January 23, 2018, 12:23pm

issue solved

system · February 20, 2018, 12:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Duplicate messages when using custom document_id Logstash	1	752	March 12, 2018
Creating a custom id in a mapping Elasticsearch	7	17977	December 7, 2016
Replacing _id field Logstash	3	658	December 23, 2021
How does logstash generate '_id' when the outputting to elastic search? Logstash	2	7285	July 6, 2017
How to create my own document_id in logstash? Logstash	19	26573	November 4, 2022

How to create custom document _id in logstash?

Related topics