Hi,
I am on Logstash 2.4 and trying to query only selective fields ["@timestamp", "user"] from Elasticsearch 2.4 using the input plugin "elasticsearch".
Using the search API for Elasticsearch, I could search for specific fields; however, using the elasticsearch input plugin, I could only figure out that the "query" either takes a value in a field for a match, or match_all, which returns all possible matches.
What I am expecting is to see all the values for the fields ["@timestamp", "user"] from the events so that I can further process them writing to the disk.
Could anyone suggest the best way to deal with this, please?
Thanks