I am using ruby to perform elastic search in logstash config.
The below code works fine , but its returns more than one document because of text based search.
response = client.search index: 'perf_report_by_audit_and_jmeter', body: { query: { match: { 'correlation_id': event.get('correlation_id') } } }
event.set('existing_id', response ['hits']['hits'][0]['_source']['correlation_id'])
while runing elastic query using kibana, I replaced correlation_id with correlation_id.keyword which solved the problem.
But if I use .keyword in ruby filter, error is thrown.
response = client.search index: 'perf_report_by_audit_and_jmeter', body: { query: { match: { 'correlation_id.keyword': event.get('correlation_id') } } }
eval at org/jruby/RubyKernel.java:1079
register at /bpms/ELK/logstash-5.6.3/vendor/bundle/jruby/1.9/gems/logstash-filter-ruby-3.0.4/lib/logstash/filters/ruby.rb:38
register at /bpms/ELK/logstash-5.6.3/vendor/jruby/lib/ruby/1.9/forwardable.rb:201
register_plugin at /bpms/ELK/logstash-5.6.3/logstash-core/lib/logstash/pipeline.rb:290
register_plugins at /bpms/ELK/logstash-5.6.3/logstash-core/lib/logstash/pipeline.rb:301
each at org/jruby/RubyArray.java:1613
register_plugins at /bpms/ELK/logstash-5.6.3/logstash-core/lib/logstash/pipeline.rb:301
start_workers at /bpms/ELK/logstash-5.6.3/logstash-core/lib/logstash/pipeline.rb:311
run at /bpms/ELK/logstash-5.6.3/logstash-core/lib/logstash/pipeline.rb:235
start_pipeline at /bpms/ELK/logstash-5.6.3/logstash-core/lib/logstash/agent.rb:398
Please assist