Index a document from Logstash using the ‘document_id

P-F · November 30, 2016, 4:44pm

Hi
Basically we want to be able to index a document from Logstash using the ‘document_id’ parameter in the Elasticsearch output to overwrite\update a document and also use curator to delete anything older than 30days.

We have 2 options for this:

Have a single index so the document_id parameter will function in our requirements were it overwrites\updates the existing document but the downfall of this is being able to delete indices older than 30days.
Have a day base index to allow us to delete data older than 30 days but the document_id will only function if it is called on the same day. If a document is indexed the day after we get 2 documents with the same _id, one in todays and one in yesterdays.

Is there a known work around for this

Thanks

magnusbaeck · December 5, 2016, 6:40am

I think you're trying to have your cake and eat it. Document ids are only unique within a particular index, so if you want your document to be known by a single id you need a single index.

system · January 2, 2017, 6:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - not update a document even if document_id is specified Logstash	4	1348	October 6, 2021
Logstash elasticsearch output plugin Document_id and Upserts Logstash	2	425	October 8, 2021
Update document on multiple indices Logstash	2	944	May 3, 2017
How to use document id to avoid duplication of logs? Logstash	8	1852	June 26, 2020
Elastic document_id Logstash	6	1597	April 27, 2023

Index a document from Logstash using the ‘document_id

Related topics