Logstash-Elasticsearch Output Using Templates

Maxwell_Flanders · September 21, 2016, 4:46pm

I have been wondering something about the "template" and "template_overwrite" option in the elasticsearch output plugin for logstash. Because this is part of the output configuration, it should be invoked for every single record that passes through that output block. Does this mean logstash makes a "PUT" api call with the same template for every single record that passes through it?? Because in high-throughput pipelines, even if the template never changed, wouldn't this increase the load on the cluster??

If it does not do that, when DOES it run that template "PUT" operation, because it must have to do that periodically in order to be sure that the template remains up to date.

Thanks!

magnusbaeck · September 21, 2016, 5:43pm

Templates are only installed when Logstash starts up.

Maxwell_Flanders · September 21, 2016, 5:49pm

Oh so if I change a template file referenced in a logstash- elasticsearch output, I still need to restart logstash to see the template change reflected in elasticsearch?

magnusbaeck · September 21, 2016, 6:09pm

Yes. See also https://github.com/logstash-plugins/logstash-output-elasticsearch/issues/380.

I prefer managing the templates outside of Logstash.

Topic		Replies	Views
Question regarding template_overwrite in logstash output to elasticsearch Logstash	5	2829	July 6, 2017
Index Template vs Logstash Managed Template Elasticsearch	11	1717	July 5, 2017
Logstashでindexを作成する際のmapping 日本語による質問・議論はこちら	3	3825	December 3, 2019
About index template upon output from logstash to elasticsearch Logstash	4	477	July 6, 2017
Logstash 7.0 does ignore index_patterns / template fields in template and overrules that with "logstash-*" Logstash	2	1660	May 30, 2019

Logstash-Elasticsearch Output Using Templates

Related topics