Index a document from Logstash using the ‘document_id

P-F · November 30, 2016, 4:44pm

Hi
Basically we want to be able to index a document from Logstash using the ‘document_id’ parameter in the Elasticsearch output to overwrite\update a document and also use curator to delete anything older than 30days.

We have 2 options for this:

Have a single index so the document_id parameter will function in our requirements were it overwrites\updates the existing document but the downfall of this is being able to delete indices older than 30days.
Have a day base index to allow us to delete data older than 30 days but the document_id will only function if it is called on the same day. If a document is indexed the day after we get 2 documents with the same _id, one in todays and one in yesterdays.

Is there a known work around for this

Thanks

magnusbaeck · December 5, 2016, 6:40am

I think you're trying to have your cake and eat it. Document ids are only unique within a particular index, so if you want your document to be known by a single id you need a single index.

system · January 2, 2017, 6:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - not update a document even if document_id is specified Logstash	4	1346	October 6, 2021
Logstash elasticsearch output plugin Document_id and Upserts Logstash	2	424	October 8, 2021
Elastic document_id Logstash	6	1542	April 27, 2023
Querying specific documents by doc _id via elasticsearch filter plugin in logstash Logstash	1	246	March 26, 2021
Update existing document Logstash	3	195	June 9, 2022

Index a document from Logstash using the ‘document_id

Related Topics