Update to elasticsearch fails when lines are parsed one after another

aviv.ratzon · July 21, 2016, 4:15am

Hi there,
I'm using logstash to send parsed log data to ES. If some field is the same as the one of the previous line, only a few fields are kept and logstash should update the document that was created by the previous line.

The problem is as I understand that logstash sends bulk requests, and so each time I get document not found exception, becaus the previous line's documnet hasn't been created yet.

Does anybody know some kind of workaround for this?

Thank you,
Aviv

muhamadli302 · July 21, 2016, 12:53pm

Hi Aviv,

Take a look at the [elasticsearch filter plugin] (https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html), it might help you.

Topic		Replies	Views
Logstash [7.8] problem with an elastic update doc Logstash	3	292	November 24, 2020
Mongodb-input-logstash problem Logstash	1	330	June 17, 2019
Update Existing document through logstash Logstash	5	1352	April 28, 2023
Elasticsearch Filter: Facing issue when using elasticsearch filter with logstash Elasticsearch	10	628	December 10, 2020
Logstash Update or Insert - logic for updating if existing Logstash	4	14376	April 13, 2017

Update to elasticsearch fails when lines are parsed one after another

Related topics