TL;DR:
I get bulk inserts, but the index name is not in the output of logstash. How do I get the index name from the input request?
Long version:
I have multiple single index request in bulk form. e.g.:
PUT /_bulk HTTP/1.1
Content-Type: application/json; charset=utf-8
Content-Length: 97
Host: hostname:5555
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.3.1
{"index": { "_index": "test-index-name", "_type": "doc"}}
{ "test":"9b10d1be-8409-4b96-8939-27d3a714e807" }
I want to enhance these requests with logstash. For debug purposes, I have a very simple conf:
input {
http {
port => 5555
codec => es_bulk
}
}
output {
stdout {
codec => rubydebug
}
}
This is the output in the console:
{
"host" => "10.201.18.178",
"@version" => "1",
"headers" => {
"request_uri" => "/_bulk",
"http_accept_encoding" => "gzip",
"content_type" => "application/json; charset=utf-8",
"request_path" => "/_bulk",
"http_user_agent" => "okhttp/3.3.1",
"http_connection" => "Keep-Alive",
"content_length" => "97",
"request_method" => "PUT",
"http_version" => "HTTP/1.1",
"http_host" => "hostname:5555"
},
"@timestamp" => 2018-10-16T12:08:12.848Z,
"test" => "9b10d1be-8409-4b96-8939-27d3a714e807"
}
In the result from logstash, the index name test-index-name is missing.
How do I get that index name, so I can forward the index request to elasticsearch?
Logstash version 6.3.0
Kind regards,
redX