How to set the period at which the Elasticsearch filter in logstash

Yungyoung_Ok · June 11, 2019, 12:28am

I'd like to set the period at which the Elasticsearch filter in logstash flies the query.

When data is received through the input, the value of the id field is dropped into the query to obtain the name corresponding to the id from the existing index.

The problem is that the filter runs the query at a slower rate, periodically the result(dashboard field) is displayed as nil.

How do we solve this problem?

Here is my code..

elasticsearch {
hosts => ["localhost:9200"]
index => ".kibana"
query => "_id:/dashboard?/%{[args][objects][id]}"
fields => {"dashboard" => "dashboard"}
enable_sort => false
}

mutate {
add_field => {
"title" => "%{[dashboard][title]}"
}

warkolm · June 11, 2019, 12:31am

Have you seen https://www.elastic.co/guide/en/logstash/current/plugins-inputs-elasticsearch.html#_scheduling?

Yungyoung_Ok · June 11, 2019, 1:03am

I want to use query in filter instead of input.

This is because we want to create a query condition with data that has been read into the file bit, and we want to fetch only one data that satisfies the condition.

warkolm · June 11, 2019, 1:08am

Oh sorry, you can't do that. I thought there was an enhancement request for this in the repo but I can't see one, so it might be best to raise one

Yungyoung_Ok · June 11, 2019, 1:28am

It's really sad.
Is there any other way to join the data in the Elastic Search and the collected data?

system · July 9, 2019, 1:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.