Logstash Elasticsearch Input Plugin no source data

stefah · July 5, 2018, 10:50am

Hi,

I've encountered the following problem with ES 5.4 and LS 5.4./6.3: I want to read from an elasticsearch cluster with logstash but no document data is returned, just:

{"@timestamp":"2018-07-05T10:34:57.049Z","@version":"1"}{"@timestamp":"2018-07-05T10:34:57.049Z","@version":"1"}

with the following logstash configuration:

input {
  elasticsearch {
    hosts => "<my-cluster>"
    index => "mydata-2018.09.*"
    query => '{ "query": { "query_string": { "query": "*" } } }'
    scroll => "5m"
    docinfo => true
  }
}
output {
  stdout { 
    codec => json
 }
  elasticsearch {
    index => "copy-of-production.%{[@metadata][_index]}"
    document_type => "%{[@metadata][_type]}"
    document_id => "%{[@metadata][_id]}"
  }
}

The metadata Index is perfectly fine created, however there is no source imported.

Did I miss something in the configuration?

Cheers,
Stefan

system · August 2, 2018, 10:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch input missing [@metadata][_index] Logstash	14	2340	April 15, 2020
Data missing with logstash elasticsearch-input-plugin Logstash	1	299	April 2, 2020
How this elasticsearch input plugin works in logstash? Logstash	4	3464	January 20, 2021
Aws elasticsearch input plugin Logstash	1	575	August 12, 2019
Elasticsearch Input Seems To Not Use Provided Query - It Just Dumps All docs in Index Logstash	2	547	September 14, 2017

Logstash Elasticsearch Input Plugin no source data

Related topics