user_profiles - main object
---educations - array of object (man can have many educational degrees)
---experiences - array of object (many can have many experiences)
These both indexes are getting merged with final objects having fields from both the different confs
If only one of these confs is running only one index with proper documents are getting populated
but if both the confs are active -- both the new indexes "experiences" and "educationals" are getting mangled
Please help I am confused and cant understand what is happening. Both these confs are reacting in some weird manner when both are active else alone they are working fine !!!
Thanks in advance
----------educational.conf----------
filter {
ruby {
code => '
edu = event.get("educations")
edu.each do |i|
i["roles"]= event.get("roles")
i["name"]= event.get("name")
i["total_experience"]= event.get("total_experience")
i["education"]= event.get("education")
end'
}
split {
field => "educations"
}
mutate {
rename => [
"[educations][_id]", "id",
"[educations][name]", "name",
"[educations][roles]", "roles",
"[educations][institute]", "institute",
"[educations][total_experience]", "total_experience",
"[educations][education]", "education",
"[educations][course]", "course"
]
remove_field => "educations"
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "educations"
document_type => "education"
document_id => "%{id}"
}
}
----------experiences.conf----------
filter {
ruby {
code => '
event.get("experiences").each do |i|
i["roles"] = event.get("roles")
end'
}
split {
field => "experiences"
}
mutate {
rename => [
"[experiences][_id]", "id",
"[experiences][__v]","__v",
"[experiences][name]", "name",
"[experiences][roles]", "roles",
"[experiences][designation]", "designation",
"[experiences][company]", "company",
"[experiences][doj]", "doj",
"[experiences][dol]", "dol"
]
remove_field => "experiences"
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "experiences"
document_type => "experience"
document_id => "%{id}"
}
}
~