How to get shards from elasticsearch to logstash

deok · July 20, 2018, 2:31am

first i am sorry than i poored at english

i want to get a shards... and print out the log file

i used elasticsearch for search engine....

this result is an api using the postman
get : xxx.x.xx.xxx:9800/searchlog_201807*

result >>>>

    "mappings": {
        "keywordlog": {
            "_meta": {
                "index_name": "searchHistory",
                "type_name": "searchHistory"
            },
            "properties": {
                "custNo": {
                    "type": "keyword"
                },
                "insertByAdmin": {
                    "type": "boolean"
                },
                "insertDate": {
                    "type": "date"
                },
                "ipAddr": {
                    "type": "keyword"
                },
                "isSuccess": {
                    "type": "boolean"
                },
                "searchWord": {
                    "type": "keyword"
                }
            }
        }
    },

but i want convert this form and printout logfile

2018-07-20 11:23:14 custNo:xxxx , insertByAdmin:xxxx, insertData:xxxxxx, ipAddr: xxxxxx, isSuccess: xxxx, searchWord: xxxx

logstash config...

input {
elasticsearch{
port => "9800"
host => "xxx.xx.xx.xxx"
index => "searchlog_*"
docinfo => true
}
}
filter{
ruby{

code => "event.set('date_index',event.timestamp.time.localtime.strftime('%Y%m%d'))"

}
output {
file {
codec => line {
format => "%{[message]}"
}
path=>["/applog/logstash/test.log"]

}

how to write logstash config?
(logstash 5.2.2)
plz help me....

warkolm · July 20, 2018, 3:09am

It's best if you keep your question to one topic. Feel free to update the original one with more info, like this config - How to get shards from elasticsearch to logstash?