How to keep track on elasticsearch events

kabali12345 · June 9, 2017, 2:56pm

Hi....
here i am trying to push ES data into rabbitMq but
problem is every time i am reading total data which is present in that index
how can i keep option like since_db so that i can read each event once

here is my conf

input {
  elasticsearch {
    hosts => "192.168.1.75:9200"
    index => "netcool"
    user => "elastic"
    password => "changeme"
    query => '{ "query":{ "match_all": {} }, "sort": [ "_doc" ] }'
   # query => '{ "query":{"range" : {    "@timestamp" : {        "gt" : "now-1d   } } }, "sort": [ "_doc" ] }'
    size => 5000
    scroll => "5m"
    type => "ela"
  }
}
output{
      rabbitmq {
          key => "alerts_elk2"
          exchange => "ncoms_elk2"
          exchange_type => "direct"
          user => "admin"
          password => "rabbit@123"
          host => "192.168.1.23"
          port => 5672
          durable => true
          persistent => true
          heartbeat => "5"
          automatic_recovery => true
      }
}

Thank you

magnusbaeck · June 12, 2017, 8:02pm

There's no support for that.

system · July 10, 2017, 8:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reading new data from elastic using logstash to rabbitMQ Logstash	1	110	October 10, 2023
[Double] Don’t binding name index on Elasticsearch when using RabbitMQ Beats Logstash	2	996	December 28, 2015
Don't binding name index on Elasticsearch when using RabbitMQ Logstash	6	2194	July 6, 2017
How to run logstash conf continuously Logstash	3	1623	June 27, 2017
Elasticsearch plugin - is there a way to keep it forever listening Logstash	3	1199	July 6, 2017

How to keep track on elasticsearch events

Related topics