Unable to create index properly in elastic search


(Arkapravo Das) #1

Hi All,
I am using Elasticsearch 1.7 and Logstash 1.5, basic version [no plugin installed]. I am trying to create a document in Elasticsearch, getting input from stdin.

Here is my pipeline config:

input {
    stdin {}
}

output {
    elasticsearch {
        host => ["localhost:9200"]
        index => "test"
        protocol => "http"
        document_type => "details"
        manage_template => "false"
        template => "C:\es_workspace\logstash-1.5.0\logstash-1.5.0\es_mapping\details.json"
        template_name => "details"
    }
}

Here are my mapping details:

{
    "test": {
        "mappings": {
            "details": {
                "properties": {
                    "CustomerContactID": {
                        "type": "string",
                        "index": "not_analyzed",
                        "store": true
                    },
                    "OrderNo": {
                        "type": "string",
                        "index": "not_analyzed",
                        "store": true
                    },
                    "SellerOrganizationCode": {
                        "type": "string",
                        "index": "not_analyzed",
                        "store": true
                    }
                }
            }
        }
    }
}

My input to stdin is: {"test":{"SellerOrganizationCode":"TCO_US","CustomerContactID":"0123","OrderNo":"0123"}}

I can see that it is creating a document in Elasticsearch, but the properties of the document [for example, SellerOrganizationCode should get populated with TCO_US and OrderNo should get populated with 0123] are not getting updated.

After doing some investigation, I found this:
The document getting created by logstash is like this:

Created_By_logstash

But a document that I create with elastic head [which populates the properties correctly] is like this:
Created_By_Head

The source of the previous document has an extra element named "message".

Please help me here.


(Mark Walkom) #2

Why such old versions? Can you upgrade?

Basically you need the json codec in your Logstash, so that it pulls apart the message and creates separate fields. https://www.elastic.co/guide/en/logstash/current/plugins-codecs-json.html
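
The pipeline from the first post with the json codec applied to the stdin input, as an added example that is not part of either poster's messages. The `stdout` output with the `rubydebug` codec is an addition for checking the parsed event on the console; the remaining option names and values are the ones from the original post.

```logstash
input {
    stdin {
        # Parse each line read from stdin as JSON instead of storing the
        # whole line as one string in the "message" field.
        codec => json
    }
}

output {
    # Added for verification only: prints every event as Logstash sees it.
    # With the sample input from the first post, the event should show a
    # "test" field holding SellerOrganizationCode, CustomerContactID and
    # OrderNo as separate sub-fields, and no "message" string carrying the
    # raw JSON text.
    stdout {
        codec => rubydebug
    }

    # Unchanged from the original post (Logstash 1.5 option names).
    elasticsearch {
        host => ["localhost:9200"]
        index => "test"
        protocol => "http"
        document_type => "details"
        manage_template => "false"
        template => "C:\es_workspace\logstash-1.5.0\logstash-1.5.0\es_mapping\details.json"
        template_name => "details"
    }
}
```

If a line is not valid JSON, the json codec falls back to putting the raw text in `message`, so a `message` field in the console output points to malformed input rather than a missing codec.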


(Arkapravo Das) #3

It worked with the codec. Thanks a ton.

To your question, "why such older versions?":
What is the latest version of Logstash I can use with Elasticsearch 1.7?


(Mark Walkom) #4

The latest is 6.2.1.

