Logstash input plugin "elasticsearch" to query only selective fields

krlplm · October 31, 2016, 5:25pm

Hi,

I am on Logstash 2.4 and trying to query only selective fields ["@timestamp", "user"] from Elasticsearch 2.4 using the input plugin "elasticsearch".

Using the search API for Elasticsearch, I could search for specific fields however using the elasticsearch input plugin, I could only figure out that the "query" either takes a value in a field for a match or match_all which returns all possible matches.

What I am expecting is to see all the values for the fields ["@timestamp", "user"] from the events so that I can further process them writing to the disk.

Could any one suggest the best way to deal with this please ?

Thanks

magnusbaeck · November 3, 2016, 6:34am

What does your configuration look like? What results are you getting? What results did you expect?

Topic		Replies	Views
How to query the index and only get specific indecies Logstash	3	448	March 27, 2017
Elasticsearch input plugin tracking timestamp Logstash	1	424	February 25, 2020
Add filter to send specific fields to elasticsearch Logstash	12	1617	March 12, 2019
Elasticsearch Input Filter Returns %{message} Logstash	2	865	March 13, 2017
Parsing specific values from logs in logstash configuration Logstash	9	984	March 16, 2017

Logstash input plugin "elasticsearch" to query only selective fields

Related topics