How to make the Elasticsearch crud operation to be reflected in mysql database

(Sucheta Shrivastava) #1

HI Folks,

I have installed ELK 6.2.3 on ubuntu 16.04. I have connected my sql database with ELK. I am able to see all the changes which have been done in mysql on ElasticSearch through search query . But when i am trying to perform CRUD operation on Elasticsearch , i am successful to make changes on Elastic search but those changes don't reflect on Mysql.

Is there a way to do that ? I am unable to find any changes on mysql. Please Help.

(Christian Dahlqvist) #2

You will need to handle that at the application layer and update The database at the same time you update Elasticsearch.

(Sucheta Shrivastava) #3

can't the updation done in ElasticSearch automatically reflect into mySQL database ?

(Christian Dahlqvist) #4

I am not aware of any mechanism to achieve that currently.

(David Pilato) #5


(Sucheta Shrivastava) #6

I am giving you the output of my logstash conf file below

`                 input {
                 jdbc {
                 jdbc_driver_library => "/../mysql-connector-java-5.1.45/mysql-connector-java-5.1.45-bin.jar"
                 jdbc_driver_class => "com.mysql.jdbc.Driver"
                 jdbc_connection_string => "jdbc:mysql://ipaddress:3306/ESBDB?autoReconnect=true"
                jdbc_user => "abc"
                jdbc_password => "abc"
                jdbc_paging_enabled => "true"
                jdbc_page_size => "5000000"
               schedule => "* * * * *"
              statement => "SELECT * from C_SYSTEM"
               use_column_value => true
               tracking_column => "%{SYS_ID}"
              clean_run => true
              filter {
              grok { match => [ "message", "%{GREEDYDATA:message}" ] }

         output {
          stdout {codec => json_lines}
        elasticsearch {
          hosts => ["ipaddress:9200"]
          index => "mysql_db"
         document_type => "test_elk_001"
           document_id => "%{sys_id}"


(David Pilato) #7

Here it seems that your logstash configuration reads data from the database and writes to elasticsearch. Not the other way around. So what you described seems to be "normal" to me.
If not please explain what you want to do.

My recommendation is to always do the updates in the database which will update Elasticsearch with LS. But not the other way.

