Logstash elasticsearch output, expand variables in data stream parameters

ebourlon · June 8, 2021, 9:39am

Hello,

I am using logstash 7.13.1 that has support for datastreams in the elasticsearch output.
As far as I looked at it is not possible to specify a variable in one of the datastream related parameter like below:

  elasticsearch {
	hosts => "localhost"
	data_stream => "true"
	data_stream_type => "metrics"
	data_stream_dataset => "iib"
	data_stream_namespace => "%{[@metadata][namespace]}"
  }

This will use "%{[@metadata][namespace]}" as a string.
Am I correct? Maybe an e.sprintf() to add there?

Br,

Badger · June 8, 2021, 8:02pm

Take a look at data_stream_auto_routing. Looking at the code it expects a field called [data_stream]

{ "data_stream": { "type": "foo", "dataset": "bar", "namespace": "baz" } }

You could build that using sprintf references in a mutate filter.

ebourlon · June 9, 2021, 6:13am

Thanks. This is indeed the solution.
That's what's happening when people don't read the manual

system · July 7, 2021, 6:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Manage several data stream(s) in the elasitcsearch output with interpolation Logstash datastreams	2	832	June 6, 2023
Elastic search indices, what variables are available? Logstash	5	4086	July 6, 2017
Use of variables in a query in logstash Logstash	13	3378	June 22, 2020
Set variable in configuration file Logstash	6	435	November 7, 2022
Trouble with string interpolation in datastream naming Logstash	4	123	April 2, 2024

Logstash elasticsearch output, expand variables in data stream parameters

Related Topics