Hello friends, I want to add some data to a new index according to a query from an existing index in elasticsearch. But I am facing a problem while doing this, I would be very happy if you could help me.
my conf file:
input {
elasticsearch {
hosts => "localhost:9200"
index => "my_old_index_name"
user => "my_username"
password => "my_password"
docinfo => true
query => '"_source": ["BuyerName","ImportCountryName"] , "query": {"bool": {"must": [{"match": {"ImportCountryName": ""}},{"wildcard": {"BuyerName": {"value": "sanayi"}} , "case_insensitive":true}]}}'
}
}
filter {
mutate{
remove_field => ["@timestamp","@version"]
}
fingerprint {
key => "my_key"
method => "MD5"
source => ["BuyerName"]
target => "[@metadata][generated_id]"
}
}
output {
stdout { codec => dots }
elasticsearch {
hosts => "localhost:9200"
index => "my_new_index_name"
document_id => "%{[@metadata][generated_id]}"
user => "my_user_name"
password => "my_password"
}
}
Actually this query works on kibana. I checked this.
GET my_old_index_name/_search
{
"_source": ["BuyerName","ImportCountryName"] ,
"query": {
"bool": {
"must": [
{"match": {
"ImportCountryName": ""
}},
{"wildcard": {
"BuyerName": {
"value": "sanayi",
"case_insensitive":true
}
}}
]
}
}
}
However, there is a problem with this query based on the error message.
Error Message:
[ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>"main", :exception=>#<LogStash::Json::ParserError: Unexpected character (':' (code 58)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
at [Source: (byte)""_source": ["BuyerName","ImportCountryName"] , "query": {"bool": {"must": [{"match": {"ImportCountryName": ""}},{"wildcard": {"BuyerName": {"value": "sanayi"}},"case_insensitive":true}]}}"; line: 1, column: 11]>}
Any ideas will help me a lot thanks in advance. 