Logstash [7.8] problem with an elastic update doc

unknown_user · October 26, 2020, 11:41pm

Hi Guys,

Running into a bit of an issue that I am trying to overcome.

I have a index that only updates documents, specifically I am monitoring devices that are either in an UP or DOWN status and the doc_id is the name of the device. The issue i have is that when there is a DOWN / UP in really quick succession it can't workout which is the latest status as it seems to bulk post to elasticsearch

Initially, i thought that the 4 pipeline workers was causing the problem and transferred the doc's i need to update to a new pipeline with a single worker. This still didn't fix the issue so i set the pipeline.batch.delay,

pipeline.batch.delay: 2

Still having the issue with the batch post not knowing what the latest status is.

Can anyone provide any work around for this? I was thinking of maybe trying the aggregate plugin to solve this issue.

Badger · October 27, 2020, 2:36pm

If you want to avoid the batching that the elasticsearch output does you could use an http filter to send the data to elasticsearch.

unknown_user · October 27, 2020, 10:27pm

Thanks @Badger I haven't used the http filter to send to elasticsearch before.

I'll investigate and see how it goes.

system · November 24, 2020, 10:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mongodb-input-logstash problem Logstash	1	330	June 17, 2019
[Logstash] Can't update document for status (entity-centric) Logstash	1	280	February 17, 2021
Logstash - not update a document even if document_id is specified Logstash	4	1348	October 6, 2021
How to update Mulitple Documents of an index using logstash? Logstash	1	642	November 24, 2017
Update to elasticsearch fails when lines are parsed one after another Logstash	2	647	July 6, 2017

Logstash [7.8] problem with an elastic update doc

Related topics