hi ,
plz how can i use the partial update with "doc" in logstash for elasticsearch output?
thanks
Are you looking for something along the lines of: https://www.elastic.co/guide/en/elasticsearch/guide/master/partial-updates.html#partial-updates
yes but it didn t work when i put the doc config in my logstash.json config file
Can you share your logstash output?
this is my logstash.json
input {
file {
path =>"C:\elk\pvin"
type => "logs"
start_position => beginning
sincedb_path => "C:\elkstack\ELK\logstash-5.1.2-Pvin\data\plugins\inputs\file.sincedb_5eed3ff4207ce42c69ff2b34b669aa79"
}
}
filter {
mutate {
gsub => ["message","|"," "]
}
grok {
match => ["message","%{TIMESTAMP_ISO8601:datePvin} : %{UUID:idFlux} %{NUMBER:daterecepPvin} %{NUMBER:datefintraitPvin} %{NUMBER:delai} %{WORD:nomFlux} %{GREEDYDATA:evts} %{WORD:BU} %{NUMBER:reforigin} %{NOTSPACE:contractoidval} %{DATA:useroidval} %{DATA:errorStatus} %{GREEDYDATA:errorDesc} %{NOTSPACE:servname}"]
}
}
output {
elasticsearch {
hosts => "localhost:9200"
index => "router-%{+YYYY.MM.dd}"
action => "update"
document_id => "%{[idFlux]}"
doc => {
"daterecepPvin" => "%{daterecepPvin}"
}
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.