Hi,
I've encountered the following problem with ES 5.4 and LS 5.4./6.3: I want to read from an elasticsearch cluster with logstash but no document data is returned, just:
{"@timestamp":"2018-07-05T10:34:57.049Z","@version":"1"}{"@timestamp":"2018-07-05T10:34:57.049Z","@version":"1"}
with the following logstash configuration:
input {
elasticsearch {
hosts => "<my-cluster>"
index => "mydata-2018.09.*"
query => '{ "query": { "query_string": { "query": "*" } } }'
scroll => "5m"
docinfo => true
}
}
output {
stdout {
codec => json
}
elasticsearch {
index => "copy-of-production.%{[@metadata][_index]}"
document_type => "%{[@metadata][_type]}"
document_id => "%{[@metadata][_id]}"
}
}
The metadata Index is perfectly fine created, however there is no source imported.
Did I miss something in the configuration?
Cheers,
Stefan