Logstash Elasticsearch plugin compare inputs

Armen_Petrosyan · June 7, 2021, 12:57pm

I have logstash configured to have two inputs from different ES clusters

    input {
    elasticsearch {
        hosts => ["xxx:111"]
        ssl => true
        user => ""
        password => ""
        ca_file => ""
        index => "*"
        docinfo => true
    }
    elasticsearch {
        hosts => ["jjj:9200"]
        ssl => true
        user => ""
        password => ""
        ca_file => ""
        index => "*"
        docinfo => true
    }      
}
filter {
 mutate {
  remove_field => ["@version", "@timestamp"]
 }
}
output {
  stdout { codec => rubydebug }
}

I would like to compare _source of each document between those inputs. In case if it is not the same - print it to the log.

Is there any way to do that? Maybe some specific compare plugin?

Badger · June 7, 2021, 5:01pm

The events from each input are processed separately by logstash. You might be able to do it by using an elasticsearch input for one cluster, then using an elasticsearch filter to look up the same document in the other cluster.

Armen_Petrosyan · June 8, 2021, 6:12am

Sound great, but can you please maybe share some config example for that, let's suppose _id from the first cluster is the field I want to search in second cluster in order to find the doc for comparing it.

Armen_Petrosyan · June 9, 2021, 3:20pm

@Badger could you please provide some an example of how to do it?
And does it mean that each document will be processed separately (checked/filtered)? If yes, it sounds like it might take a lot of time to check hundred of thousands doc and many pings to target cluster...

Badger · June 9, 2021, 3:50pm

No, I cannot provide an example because I do not run elasticsearch. An API call to ES is going to be expensive compared to many other pipeline operations.

Armen_Petrosyan · June 10, 2021, 7:23am

No, I cannot provide an example because I do not run elasticsearch.

I understand, thanks

Don't sure what does it mean? Could you maybe point me the the example how I can look up by id for example? And how to compare each field?

Badger · June 10, 2021, 4:07pm

There is an example of using an elasticsearch filter here.

system · July 8, 2021, 4:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Accessing/comparing fields from two different input plugins in filter, simultaneously Logstash	11	1089	June 22, 2020
How this elasticsearch input plugin works in logstash? Logstash	4	3479	January 20, 2021
Hook one elasticsearch with another ES using logstash Logstash	5	682	September 8, 2017
Comparing fields from input Logstash	3	662	August 4, 2019
Logstash elasticsearch input plugin logs duplication Logstash	4	765	September 13, 2018

Logstash Elasticsearch plugin compare inputs

Related topics