Upsert solution Logstash

Vincent001 · December 8, 2022, 9:56am

Hello,
I have a solution with filebeat(on server) -> logstash(on server) -> elasticsearch(as service)

i have to ingest data from file.log in json format.
each row have an "GUID" element wich is use for upsert. there is the structure of a row generate by workflow:

{"connectorid":"1600140", **"endtime":"", "starttime":"2022-12-02 09:30:00.000"**, "completed":"false", "type":"scripting-groovy-script", "activityid":"1700283", "elementname":"assignationTache", "writetime":"2022-12-02 09:29:52.165", "loglevel":"INFO", "caseid":"81015", **"guid":"81015-1700283-1600140"**, "notificationtype":"Connector", **"state":"INITIALIZING"**, "parentobjectid":"81015-1700283", "rootcaseid":"81014"}

an another step of the same workflow:

{"connectorid":"1600140", **"endtime":"", "starttime":""**, "completed":"false", "type":"scripting-groovy-script", "activityid":"1700283", "elementname":"assignationTache", "writetime":"2022-12-02 11:00:00.000", "loglevel":"INFO", "caseid":"81015", **"guid":"81015-1700283-1600140"**, "notificationtype":"Connector", **"state":"PROCESS"**, "parentobjectid":"81015-1700283", "rootcaseid":"81014"}

the final step of the workflow:

{"connectorid":"1600140", **"endtime":"2022-12-02 11:30:00.000", "starttime":""**, "completed":"true", "type":"scripting-groovy-script", "activityid":"1700283", "elementname":"Vérifier informations", "writetime":"2022-12-02 11:30:00.000", "loglevel":"INFO", "caseid":"81015", **"guid":"81015-1700283-1600140"**, "notificationtype":"Activity", **"state":"DONE",** "parentobjectid":"81015-1700283", "rootcaseid":"81014"}

Actually i have this configuration in logstash.conf:

input {
  beats{
    port => 5044
    add_field => {
      "[@metadata][target_index]" => "index-bonita-qal-processlog-%{+YYYY-MM-dd}"
    }  
  }
}

# filtre qui permet de parser la donnee entrante
filter {
  json {
  source => "message"
  target => "fields"
  }
  mutate {
  add_field => { "[@metadata][target_document_id]" => "%{[fields][guid]}" }
  }
}
# configuration de sortie
output {
    elasticsearch {
      hosts => ["<elasticsearch_endpoint>"]
      user => "<username>"
      password => "<password>"
      proxy => "<proxy_endpoint>"
      index => "%{[@metadata][target_index]}"
      document_id => "%{[@metadata][target_document_id]}"
      doc_as_upsert => true
    }
}

actually it's working, the same GUID element are update with the new step of workflow, but i would like to conserved the initiale "starttime" value because this value is not store in the application. And i have no idea how can i store the initiale value of starttime to be insert after each upsert of the same GUID element.

system · January 5, 2023, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using upsert to update existing record base on value in fields Elasticsearch	2	466	September 30, 2022
Json file from filebeat to Logstash and then to elasticsearch Beats filebeat	13	8083	December 27, 2017
JSON file input to Filebeat sending data to Logstash and then to Azure Data Explorer Beats filebeat	7	964	March 22, 2021
Filebeat shipped json file : how to get needed fields? Logstash	2	835	July 6, 2017
Sending json data into elasticsearch using filebeat and logstash Elasticsearch	1	370	February 5, 2019

Upsert solution Logstash

Related Topics