Parent-Child Relationship with logstash

Hornov · November 2, 2015, 5:04pm

I try to integrade child data with logstash but I can't.
For example I tried to use a _parent field with the value of the parent id but it did'nt work.
Do you have any idea ?

warkolm · November 3, 2015, 12:43am

You can't do this with logstash unfortunately.

drdebian · November 3, 2015, 6:03am

This is kinda sad, actually. It appears that some work has already been done in that direction, all that seems to be missing is somebody writing a test: https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/175

warkolm · November 3, 2015, 7:03am

Feel free to +1 the PR so it gets some attention

Thorsten_Nickel · November 3, 2015, 8:22am

Perhaps you can 'workaround' using the nested field syntax ?

i.e.

%{NUMBER:[cpu][load1]:float}
%{NUMBER:[cpu][load5]:float}
%{NUMBER:[cpu][load15]:float}

which should translate to elastic fields like cpu.load1 etc.

Hope to help,
Thorsten

alaviamir · June 27, 2016, 7:52pm

Wouldn't that be a nested relationship as opposed to parent-child relationship?

Topic		Replies	Views
Create Parent-Child relationship with Logstash Logstash	4	993	February 9, 2022
Parent/child in logstash Logstash	1	338	February 7, 2020
Define Parent-Child Relationship in Logstash Logstash	3	5186	July 6, 2017
How to create a parent using the new join type with logstash Logstash	2	5375	March 21, 2018
Parent/child with logstash 2.0 or 2.1 Logstash	3	906	July 6, 2017

Parent-Child Relationship with logstash

Related topics