How to query elasticsearch with array as parameter

rae93 · August 3, 2023, 3:23am

I have a logstash config like this

input { http { port => 8092 } }

filter {
	ruby {
		code => '
			event.set("[@metadata][leadArr]", [])
			c = event.get("[@metadata][leads]")
			c.each { |value, index|
				temp = event.get("[@metadata][leadArr]") << value["lead"]
				event.set("[@metadata][leadArr]", temp)
			}
		'
	}

	elasticsearch {
		hosts => ["${ES_ADDRESS}"]
		index => "myindex"
		query_template => "/queries/abc.json"
		fields => {
			"resource" => "[@metadata][leadss]"
		}
	}

	ruby { code => 'event.set("[@metadata][attributes][leadsss]", [ event.get("[@metadata][leadss]") ])' }

}

output {
	elasticsearch {
		hosts => ["${ES_ADDRESS}"]
		index => "ci-customer"
		document_id => "%{[@metadata][id]}"
	}
    #   stdout { }
	stdout { codec => rubydebug { metadata => true }}
}

and with query template abc.json

{
    "size": 100,
	"query" : {
		"terms" : {
			"resource.name" : ["%{[@metadata][leadArr]}"]
		}
	}
 }

My problem is, whenever [@metadata][leadArr] has a value, the result will be as expected, but when leadArr has 2 or more values, the result will return empty. How do I fix this template ?

system · August 31, 2023, 3:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash query template Logstash	11	5037	September 1, 2017
Query_Template Format in Elastic Search filter plugin Logstash	1	514	August 1, 2018
How to query elasticsearch and take some fields from old data Logstash	3	7566	March 17, 2017
Elasticsearch PHP client pass value to query from array Elasticsearch	1	681	September 19, 2017
Logstash having problem with elasticsearch filter Logstash	5	316	April 20, 2020

How to query elasticsearch with array as parameter

Related topics