Hello everyone, Through logstash, I want to query elasticsearch in order to get fields from previous events and do some computation with fields of my current event and add new fields. Here is what I did: input file: {"device":"device1","count":5} {"device":"device2","count":11} {"device":"devic…

Logstash: problem for querying elasticsearch

Alaska (Rob de Vries) June 16, 2016, 3:42pm 9

See here:

Seems the documentation on Elasticsearch filter plugin | Logstash Reference [8.11] | Elastic is wrong still. I did what was posted and changed

fields => ["field1", "field2"]

fields => [["field1", "field2"]]

and it worked for me as well. Was running into the same error as you with Logstash 2.3.2.

Elasticsearch not immediately available for search through Logstash

Topic		Replies	Views
Failed to query elasticsearch for previous event Logstash	1	1818	July 6, 2017
Logstash read new data in elasticsearch as input? Logstash	8	2538	July 6, 2017
Elasticsearch filter plugin query failure Logstash	2	936	July 6, 2017
Filter Plugin: Elasticsearch Logstash	7	2231	July 6, 2017
Finding time difference between two events with in a single batch of logstash Elasticsearch	6	1035	October 7, 2019