I am trying to read events from a s3 bucket and index them into elasticsearch. Everything works fine if I have a single input and output and I used to be able to use a conditional like
if [metricset] {
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "metricbeat-%{+YYYY.MM.dd}"
}
}
however now that type field is gone I am having trouble isolating the metricbeat events to their own index...
H
That's the type field in Elasticsearch, you can still use it in Logstash to build your conditionals./
what type would that be? Since the events don't get to ES it isn't easy to view the events...
I have tried :
if [metricset.name] == "network"
if [type] == "metricset"
if [metricset]
all to no avail...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.