This is sample logstash output filter.
output
{
elasticsearch
{
hosts => ["localhost"]
sniffing => true
manage_template => false
index => "mqtt-index-%{+YYYY.MM.dd}"
document_id => "%{parsedMessage.device_id}"
document_type => "iot_data"
}
}
This code changes existing _id as %{parsedMessage.device_id} as it is. How to change _id by another field?
you can replace "parsedMessage.device_id" in document_id => "%{parsedMessage.device_id}"
by any other field you like.
thank you devil_srj7......i got it, but the point is that it takes this string as it is as _id like,
_id = %{parsedMessage.device_id}
See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references for the syntax of nested fields.
Thank you magnusbaeck. But, this is not nested field. The field name itself is parsedMessage.device_id
Replace the elasticsearch output with a stdout { codec => rubydebug } output and show an example event produced by Logstash.
issue solved
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.