Query_Template Format in Elastic Search filter plugin

paul1243 · July 4, 2018, 6:02am

Hi -
I just trying to run a GET request with the dsl script using the query_template config in ES filter plugin on logstash. I believe something is wrong with the JSON request . Could someone please help me out.

template.json:

 GET test_data-*/_search
 {
    "aggs": {
            "2": {
                "terms": {
                    "field": "job_name.keyword",
                    "include": "Sanity_Job",
                    "size": 1,
                    "order": {
                        "_term": "desc"
                    }
                },
                "aggs": {
                    "passed": {
                        "sum": {
                            "field": "Passed"
                        }
                    },
                    "failed": {
                        "sum": {
                            "field": "Failed"
                        }
                    },
                    "skipped": {
                        "sum": {
                            "field": "Skipped"
                        }
                    }
                }
            }
        },
        "query": {
            "bool": {
                "must": [
                    "range": {
                        "@timestamp": {
                            "gte": "now-7d/d",
                            "lte": "now"
                        }
                    }
                ]
            }
        }
    }

logstash config:

filter {
 elasticsearch {
   hosts => "http://localhost:9200"
   index => "test_results-*"
   query_template => "template.json"
 }
}

system · August 1, 2018, 6:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.