Hello, It is not clear for me how to tell Logstash which field from my Oracle table corresponds to specific field of my predefined Elasticsearch index.
For example, I have the following SQL configured in the .conf file using jdbc input in Logstash:
Select id_log, nombre_procedimiento, mensaje, detalle, fecha, to_char(trunc(fecha),'YYYY-MM-DD') fechadia from STGCBPRD.STG_FT_LOG where fecha BETWEEN TRUNC(SYSDATE)-1 AND TRUNC(SYSDATE)
On the other side, I have an index (named: logbim) with the following mapping structure:
{
"settings": {
"index": {
"number_of_shards": 1,
"number_of_replicas": 1
}
},
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"@version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"detalle": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"fecha": {
"type": "date"
},
"fechadia": {
"type": "keyword"
},
"id_log": {
"type": "long"
},
"mensaje": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"nombre_procedimiento": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
The question is, how to specify in Logstash (for example) that the field "id_log" from the Oracle SQL, corresponds to the field "id_log" at the index predefined in Elasticsearch ?. Does Logstash do a match by name ?.
Below is my .conf file for Logstash. Thank you!.
input {
jdbc {
jdbc_validate_connection => true
jdbc_connection_string => "jdbc:oracle:thin:@172.26.150.124:1525/BIPRD"
jdbc_user => "DWHCBPRD"
jdbc_password => "xxxxxxxx"
jdbc_driver_library => "D:\Temp\SW\ELK\OJDBC-Full\ojdbc7.jar"
jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver"
statement => "Select id_log, nombre_procedimiento, mensaje, detalle, fecha, to_char(trunc(fecha),'YYYY-MM-DD') fechadia from STGCBPRD.STG_FT_LOG where fecha BETWEEN TRUNC(SYSDATE)-1 AND TRUNC(SYSDATE)"
}
}
output {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "logbim"
#user => "elastic"
#password => "changeme"
}
}