Update enrich index from logstash

I have a logstash jdbc pull that updates an index of device information at hourly intervals. That index is used by an enrich processor to add the device information, like sector, country, lat/long, to the data we ingest from those devices, like syslog data. I believe I need to execute an _execute on the enrichment policy after each update but I do not think I can do that from logstash. My solution has been to set a crontab to fire a PUT /_enrich/policy/my-policy/_execute just after the logstash pull executes. Is that the proper solution or is there another way?

I think that's the only way.

Once you update the source index for an enrich policy, the new .enrich-* index with the updated data will only be created after you run the _execute on your policy.

There is still nothing in Elasticsearch or Kibana that would allow you to automate this, so using an external request is the only solution; in your case, your crontab job.

There is this old feature request asking for the implementation of some kind of way to schedule the execution of enrich policies.
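A cron wrapper for the `_execute` call discussed above, as an added example that is not part of the original thread. It keeps the API key out of the process list, prevents overlapping runs, and fails the job unless the policy reports `COMPLETE`. The URL, header file path, lock path and function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Cron wrapper: re-execute an enrich policy after the hourly Logstash JDBC pull.
# ES_URL, HDR_FILE and the lock path are assumptions of this example.
set -u; export LC_ALL=C
ES_URL="${ES_URL:-https://localhost:9200}"
POLICY="${POLICY:-my-policy}"
# Root-only file (chmod 600) holding one line: "Authorization: ApiKey <key>".
# curl -H @file (curl 7.55+) keeps the key out of argv and `ps` output.
HDR_FILE="${HDR_FILE:-/etc/enrich-refresh/auth.hdr}"

# Refuse names that could alter the request path or query string.
valid_policy_name() {
  case "$1" in ''|*[!a-z0-9_-]*) return 1 ;; *) return 0 ;; esac
}

# Pull status.phase out of the _execute response without needing jq.
phase_of() {
  printf '%s' "$1" | tr -d ' \n\r\t' | sed -n 's/.*"phase":"\([A-Z_]*\)".*/\1/p'
}

# Success means HTTP 200 and phase COMPLETE; anything else must fail the job.
check_response() {  # $1 = HTTP status, $2 = response body
  [ "$1" = "200" ] && [ "$(phase_of "$2")" = "COMPLETE" ]
}

run_refresh() {
  valid_policy_name "$POLICY" || { echo "bad policy name" >&2; return 2; }
  local out code body
  # -w appends the HTTP status on its own line after the body.
  out=$(curl --silent --show-error --max-time 600 -X PUT -H "@$HDR_FILE" \
        -w '\n%{http_code}' "$ES_URL/_enrich/policy/$POLICY/_execute") || return 3
  code=$(printf '%s\n' "$out" | tail -n 1); body=$(printf '%s\n' "$out" | sed '$d')
  if check_response "$code" "$body"; then
    logger -t enrich-refresh "policy=$POLICY phase=COMPLETE"
  else
    logger -t enrich-refresh -p user.err "policy=$POLICY http=$code body=$body"
    return 1
  fi
}

# Only act when invoked as "<script> run"; flock -n skips a run that overlaps
# a still-executing previous one instead of stacking requests.
if [ "${1:-}" = "run" ]; then
  exec 9>/var/lock/enrich-refresh.lock
  flock -n 9 || exit 0
  run_refresh
fi
```

Schedule it in crontab with the `run` argument a few minutes after the Logstash pull, and give the API key only the privileges enrich execution needs rather than reusing an admin credential.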

OK. Thanks for the quick response Leandro.
