Logstash [7.8] problem with an elastic update doc

unknown_user · October 26, 2020, 11:41pm

Hi Guys,

Running into a bit of an issue that I am trying to overcome.

I have a index that only updates documents, specifically I am monitoring devices that are either in an UP or DOWN status and the doc_id is the name of the device. The issue i have is that when there is a DOWN / UP in really quick succession it can't workout which is the latest status as it seems to bulk post to elasticsearch

Initially, i thought that the 4 pipeline workers was causing the problem and transferred the doc's i need to update to a new pipeline with a single worker. This still didn't fix the issue so i set the pipeline.batch.delay,

pipeline.batch.delay: 2

Still having the issue with the batch post not knowing what the latest status is.

Can anyone provide any work around for this? I was thinking of maybe trying the aggregate plugin to solve this issue.

Badger · October 27, 2020, 2:36pm

If you want to avoid the batching that the elasticsearch output does you could use an http filter to send the data to elasticsearch.

unknown_user · October 27, 2020, 10:27pm

Thanks @Badger I haven't used the http filter to send to elasticsearch before.

I'll investigate and see how it goes.

system · November 24, 2020, 10:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Logstash] Can't update document for status (entity-centric) Logstash	1	280	February 17, 2021
Logstash - not update a document even if document_id is specified Logstash	4	1346	October 6, 2021
Elasticsearch Filter: Facing issue when using elasticsearch filter with logstash Elasticsearch	10	628	December 10, 2020
Update document giving status 404 Elasticsearch	7	1214	May 25, 2018
Logstash(6.5.4) elasticsearch output Elasticsearch	6	232	December 29, 2022

Logstash [7.8] problem with an elastic update doc

Related Topics