Logstash elasticsearch output, expand variables in data stream parameters

ebourlon · June 8, 2021, 9:39am

Hello,

I am using logstash 7.13.1 that has support for datastreams in the elasticsearch output.
As far as I looked at it is not possible to specify a variable in one of the datastream related parameter like below:

  elasticsearch {
	hosts => "localhost"
	data_stream => "true"
	data_stream_type => "metrics"
	data_stream_dataset => "iib"
	data_stream_namespace => "%{[@metadata][namespace]}"
  }

This will use "%{[@metadata][namespace]}" as a string.
Am I correct? Maybe an e.sprintf() to add there?

Br,

Badger · June 8, 2021, 8:02pm

Take a look at data_stream_auto_routing. Looking at the code it expects a field called [data_stream]

{ "data_stream": { "type": "foo", "dataset": "bar", "namespace": "baz" } }

You could build that using sprintf references in a mutate filter.

ebourlon · June 9, 2021, 6:13am

Thanks. This is indeed the solution.
That's what's happening when people don't read the manual

system · July 7, 2021, 6:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use field name in datastream namespace or dataset Logstash	6	2223	May 12, 2022
Manage several data stream(s) in the elasitcsearch output with interpolation Logstash datastreams	2	846	June 6, 2023
Logstash elasticsearch output - data_stream_auto_routing Logstash	2	1536	March 21, 2022
Elastic search indices, what variables are available? Logstash	5	4086	July 6, 2017
Dynamic naming of data-streams Logstash datastreams	3	1346	October 1, 2021

Logstash elasticsearch output, expand variables in data stream parameters

Related topics