How to update elasticsearch index?

Elastic Stack Kibana
1

I have this output plugin in Logstash to create elastic search index.

output {
    amazon_es {
       hosts => ["https://xxxxxxxxxxxxxxxx.es.amazonaws.com/"]
       region => "ap-southeast-1"
       index => "studentservice-logs-%{+YYYY.MM.dd}"
   }
}

I want to update this index later because there will be some new fields added by mutate for some log messages.

How to update index ?

2

hi @volcano,

this seems more like a logstash question, so I will move this question there

As for adding new fields: you should be able to add a new field to an index at any time. afaik, I don't think logstash prevents you from doing this.

The configuration you are showing is the actual output-index though (?) Do you mean to change the elasticsearch-index itself?

3

My Issue is :

I have added new fields in logstash.conf file by the mutate filter But these new fields are not visible in Kibana index pattern. I have already refreshed Kibana index pattern but still it is not visible.

what to look at to fix this issue ?

4

is the _mapping of your index correctly updated as well?

ie. run GET localhost:9200/logstashindex/_mapping in Kibana dev-tools or in browser.

5

No.....Not updated.

I checked this
GET localhost:9200/logstashindex/_mapping in Kibana dev-tools

I dont see the new fields in the result.

what to do next ?

6

although I find the fields in debug mode and in stdout.

7

hmmm... it seems your fields are not added to the elasticsearch index.

Can you look at an example document? e.g. just do an _search against the index. Does that document contain the expected fields?

If that document does not contain the expected fields,, something is going wrong in the ingestion process..

8

_search against the index

 GET /service-logs-2020.01.05/_search
{
    "query": {
        "match_all" : { }
    }
}

This does not also show new fields .

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.