Logstash config - elasticsearch to elasticsearch

giangra · November 21, 2017, 10:46am

Goodmorning everyone,
I need to know if there is a possibility to set elasticsearch as input (also as an output), parsing all the logs I had previously parsed with logstash.
For example:
I have parsed all my akamai logs with a logstash configuration. Now I need to reparse the same logs file changing index. For now I've configured my configuration file this way:

input {
elasticsearch {
hosts => ["http://192.168.1.3:9200/"]
user => "elastic"
password => "changeme"
index => "akamai_logs*"
query => '{ "query": { "match_all": {} } }'
size => 500
scroll => "5m"
docinfo => true
}
}
output {
elasticsearch {
hosts => ["http://192.168.1.3:9200/"]
user => "elastic"
password => "changeme"
index => "newindex"
}
stdout { codec => rubydebug }
}

What am I doing wrong?

Thanks for the support!

Christian_Dahlqvist · November 21, 2017, 10:50am

Have you considered using the reindex API to reindex from remote?

giangra · November 21, 2017, 10:52am

Yes, but for my purpose it's not the best solution. Because in the near future I need to parse elasticsearch logs indexed by Graylog.

Christian_Dahlqvist · November 21, 2017, 10:54am

I don't have any experience with Graylog. Why would that data pose a problem?

system · December 19, 2017, 10:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Input as elasticsearch and output to logstash Logstash	7	34	October 1, 2024
Logstash to Re-index Elasticsearch indexes Logstash	4	1575	July 6, 2017
Migrating Elastic Search Data Using Logstash Logstash	1	288	June 14, 2019
LOGSTASH Using different input index than the one specified Logstash	4	243	October 10, 2022
Example Inputs logtash configuration Logstash	1	173	August 16, 2023

Logstash config - elasticsearch to elasticsearch

Related topics