My trick:
- I wrote a PHP utility that made multiple queries to ES, tuned with different console arguments.
- In Logstash I used the 'exec' input plugin.
If anyone is interested:
Utility response example (newline-separated):
{"id":1478231999,"created_at":"2016-11-03T23:59:59.000Z","one-chart-complex-value":17,"another-chart-value":3,"something-else-calculated":4}
{"id":1478145599,"created_at":"2016-11-02T23:59:59.000Z","one-chart-complex-value":14,"another-chart-value":2,"something-else-calculated":5}
Logstash exec plugin config:
input {
  exec {
    command => '/etc/logstash/php/daily_chart 5'
    interval => 14400
    type => 'daily_chart'
    codec => multiline {
      pattern => "^\n"
      what => "previous"
    }
  }
}
filter {
  if [type] == "daily_chart" {
    json {
      source => "message"
    }
    mutate {
      convert => [ "created_at", "string" ]
      remove_field => [ "command", "message", "host" ]
    }
    date {
      match => ["created_at", "ISO8601"]
      target => ["@timestamp"]
    }
  }
}
output {
  if [type] == "daily_chart" {
    elasticsearch {
      # common ES output
    }
  }
}
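
An added example, not part of the original post: a Python pre-flight check that runs the utility's newline-separated output through the same steps as the filter above (JSON parse, then ISO8601 parse of created_at into @timestamp), so malformed lines are caught before Logstash indexes them. The function name, the three bad sample lines and the labels missing_created_at and not_json_object are assumptions made here; _jsonparsefailure and _dateparsefailure are the default failure tags of Logstash's json and date filters, and Python's ISO 8601 parser only stands in for the date filter's.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the two lines from the post, then three deliberately bad ones.
SAMPLE_OUTPUT = "\n".join([
    '{"id":1478231999,"created_at":"2016-11-03T23:59:59.000Z","one-chart-complex-value":17,"another-chart-value":3,"something-else-calculated":4}',
    '{"id":1478145599,"created_at":"2016-11-02T23:59:59.000Z","one-chart-complex-value":14,"another-chart-value":2,"something-else-calculated":5}',
    '{"id":1,"created_at":"yesterday","another-chart-value":1}',
    '{"id":2,"another-chart-value":1}',
    '{"id":3,"created_at":',
]) + "\n"

def preflight(output):
    """Return (events, problems) for newline-separated JSON utility output."""
    events, problems = [], []
    for lineno, line in enumerate(output.splitlines(), start=1):
        if not line.strip():
            continue  # blank line: nothing to parse
        try:
            doc = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append((lineno, "_jsonparsefailure", exc.msg))
            continue
        if not isinstance(doc, dict):
            problems.append((lineno, "not_json_object", line))
            continue
        if "created_at" not in doc:
            problems.append((lineno, "missing_created_at", ""))
            continue
        created = str(doc["created_at"])  # same effect as the mutate convert
        try:
            # fromisoformat() before Python 3.11 rejects a trailing "Z"
            ts = datetime.fromisoformat(created.replace("Z", "+00:00"))
        except ValueError:
            problems.append((lineno, "_dateparsefailure", created))
            continue
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
        doc["@timestamp"] = ts.astimezone(timezone.utc).isoformat()
        events.append(doc)
    return events, problems

if __name__ == "__main__":
    ok, bad = preflight(SAMPLE_OUTPUT)
    print(len(ok), "events ready;", len(bad), "lines need fixing:", bad)
```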