Hello, I am using logstash 7.13.1 that has support for datastreams in the elasticsearch output. As far as I looked at it is not possible to specify a variable in one of the datastream related parameter like below: elasticsearch { hosts => "localhost" data_stream => "true" data_stream_type => …

Logstash elasticsearch output, expand variables in data stream parameters

Badger June 8, 2021, 8:02pm 2

Take a look at data_stream_auto_routing. Looking at the code it expects a field called [data_stream]

{ "data_stream": { "type": "foo", "dataset": "bar", "namespace": "baz" } }

You could build that using sprintf references in a mutate filter.

2 Likes

Topic		Replies	Views
Manage several data stream(s) in the elasitcsearch output with interpolation Logstash datastreams	2	1066	June 6, 2023
Logstash elasticsearch output - data_stream_auto_routing Logstash	2	2111	March 21, 2022
String inteprolation in logstash data_stream fields Logstash	7	782	November 23, 2022
Use field name in datastream namespace or dataset Logstash	6	2856	May 12, 2022
Dynamic naming of elasticsearch data-streams Logstash	13	2294	March 28, 2023