Parent-Child Relationship with logstash

I try to integrate child data with logstash but I can't.
For example I tried to use a _parent field with the value of the parent id but it didn't work.
Do you have any idea?

You can't do this with logstash unfortunately.

This is kinda sad, actually. It appears that some work has already been done in that direction, all that seems to be missing is somebody writing a test: https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/175

Feel free to +1 the PR so it gets some attention :)

Perhaps you can 'workaround' using the nested field syntax?

i.e.

%{NUMBER:[cpu][load1]:float}
%{NUMBER:[cpu][load5]:float}
%{NUMBER:[cpu][load15]:float}

which should translate to elastic fields like cpu.load1 etc.

Hope to help,
Thorsten

Wouldn't that be a nested relationship as opposed to parent-child relationship?