Logstash-Elasticsearch Output Using Templates

Maxwell_Flanders · September 21, 2016, 4:46pm

I have been wondering something about the "template" and "template_overwrite" option in the elasticsearch output plugin for logstash. Because this is part of the output configuration, it should be invoked for every single record that passes through that output block. Does this mean logstash makes a "PUT" api call with the same template for every single record that passes through it?? Because in high-throughput pipelines, even if the template never changed, wouldn't this increase the load on the cluster??

If it does not do that, when DOES it run that template "PUT" operation, because it must have to do that periodically in order to be sure that the template remains up to date.

Thanks!

magnusbaeck · September 21, 2016, 5:43pm

Templates are only installed when Logstash starts up.

Maxwell_Flanders · September 21, 2016, 5:49pm

Oh so if I change a template file referenced in a logstash- elasticsearch output, I still need to restart logstash to see the template change reflected in elasticsearch?

magnusbaeck · September 21, 2016, 6:09pm

Yes. See also https://github.com/logstash-plugins/logstash-output-elasticsearch/issues/380.

I prefer managing the templates outside of Logstash.