Logstash http_poller input supports any Manticore Client options.
Example:
input {
# To improve performance, search only today and yesterday's index
# Percent Encoded: "<.monitoring-es-2-{now%2Fd}>,<.monitoring-es-2-{now-1d}>/_search"
# See https://www.elastic.co/guide/en/elasticsearch/reference/current/date-math-index-names.html
http_poller {
urls => {
my_es_cluster => {
method => post
url => "http://localhost:9200/%3C.monitoring-es-2-%7Bnow%2Fd%7D%3E,%3C.monitoring-es-2-%7Bnow-1d%7D%3E/_search"
body => '{ "query": { "range": { "timestamp": { "gt": "now-1h" } } } }'
headers => {
Accept => "application/json"
}
auth => {
user => "elastic"
password => "changeme"
}
}
}
request_timeout => 60
interval => 60
}
}
output {
stdout { codec => rubydebug }
}