I want to use ES to index logs coming from different processes. Assume I
have 2 sources: ProcessA and ProcessB Logs from the processes are formatted
in json. Example log:
{"level":"DEBUG","logger":"REPOSITORY","timestamp":1405982400689,"attrs":{"profile":"ManagementServerA","organization":"FOOBAR"},"thread":"main","message":"Repository.store() : Stored successfully in /central/zone/cef9cccab964"}
How can I get ES to update multiple indexes when it sees a new document ?
In this case I want indices on the profile and organization values. Do I
have to
- Create indexes using the ES REST api before ES sees any logs.
- Supply an _index field to each json document
- Have multiple values in the _index field to indicate what indexes
must be updated ? i.e should I have: "_index": {"ManagementServerA" ,
"FOOBAR"}
Please let me know if this is the correct way to do this.
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/c299f3e4-eebc-43a4-ab23-894605b2a752%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.