REST calls for elastic search


(BHARATH MEKA) #1

Hi,

We would like to do a REST call to elastic search from a custom logstash plugin to pull the logs. These logs need to be restricted on certain fields like userid and sessionid (we have these fields added while parsing the log messages). We are using the following URL to get these logs.

http://<<elk_server>>:9200/logstash-2016.02.08/_search?q=(userid:abc@abc.com)AND(sessionid:eNIw36_pT3ptVTAJSmYiov0)&fields=message

When we post this URL through a REST client (Mozilla add-on) we are getting the response. Now, we would like to do the same REST call from within a custom logstash plugin. We are using the following code to do a GET to the URL. But while parsing the response we see an error: JSON::ParserError: unexpected token at ..
Note that, when I print the response code, it is 200.

```ruby
@elk_url = 'http://<<elk_server>>:9200/logstash-2016.02.08/_search?q=(userid:abc@abc.com)AND(sessionid:eNIw36_pT3ptVTAJSmYiov0)&fields=message'
response_elk = RestClient.get @elk_url
log_messages = JSON.parse(response_elk)
```

Couple of questions:

  1. Are we using the correct URL for getting the logs we want?
  2. How to fix the parse error and get the "message" field from the response?
  3. Is there any example code where a REST call is made to elastic search from a logstash plugin?

**Note:** We are using Elasticsearch 1.7.0, Logstash 1.4.5

Any pointers are appreciated.

Regards,
Bharath
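
An added example, not part of the original post and not Logstash's own code: one way to build the `q=` expression from the post with the `userid` and `sessionid` values escaped and URL-encoded, so a value cannot change the query, and to read `message` from the response. The host `elk.example.internal`, the helper names and the sample response are constructed for illustration, and the response shape assumes `fields` values come back as arrays.

```ruby
require 'json'
require 'uri'

# Characters with special meaning in the query-string syntax, plus whitespace.
LUCENE_RESERVED = /[\s+\-=&|!(){}\[\]^"~*?:\\\/]/

# Backslash-escape a field value so it stays a single term in the q= expression.
# '<' and '>' are dropped: the Elasticsearch docs say they cannot be escaped.
def escape_term(value)
  value.to_s.delete('<>').gsub(LUCENE_RESERVED) { |c| "\\#{c}" }
end

# Build the _search URL; host and index are supplied by the caller (hypothetical helper).
def build_search_url(host, index, userid, sessionid)
  q = "userid:#{escape_term(userid)} AND sessionid:#{escape_term(sessionid)}"
  query = URI.encode_www_form(q: q, fields: 'message')
  URI::HTTP.build(host: host, port: 9200, path: "/#{index}/_search", query: query).to_s
end

# Collect every "message" value from a search response body.
# A body that is not JSON is reported with its first bytes to help diagnosis.
def extract_messages(body)
  doc = JSON.parse(body)
  doc.fetch('hits', {}).fetch('hits', []).flat_map { |hit| Array(hit.dig('fields', 'message')) }
rescue JSON::ParserError => e
  raise ArgumentError, "response is not JSON (starts with #{body.to_s[0, 40].inspect}): #{e.message}"
end

# Constructed sample response, not captured from a real cluster.
SAMPLE_RESPONSE = <<~EOS
  {"took":3,"timed_out":false,"hits":{"total":2,"max_score":1.0,"hits":[
    {"_index":"logstash-2016.02.08","_type":"logs","_id":"A1","fields":{"message":["login ok"]}},
    {"_index":"logstash-2016.02.08","_type":"logs","_id":"A2","fields":{"message":["page view /home"]}}
  ]}}
EOS

if __FILE__ == $PROGRAM_NAME
  puts build_search_url('elk.example.internal', 'logstash-2016.02.08',
                        'abc@abc.com', 'eNIw36_pT3ptVTAJSmYiov0')
  puts extract_messages(SAMPLE_RESPONSE)
end
```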


(Magnus Bäck) #2

Have you looked at the elasticsearch filter?

