Using script params - elasticsearch output plugin

Elastic Stack Logstash
1

Hello,

I was trying to use script params in scripted updates in the elasticsearch output plugin of logstash but I was unsure of how to do it. Currently, we two types of scripted updates:

                                script_lang => "painless"
			        script_type => "inline"                                
                                script => '
					ctx._source.name_servers = "%{name_servers}";
					ctx._source.past_name_servers.add("%{past_name_servers}");
				'

Where my event has fields "name_servers" and "past_name_servers", it's a flat event object as the content is not nested. Is there a way for me to use script params within logstash?

Thanks in advance!

*Currently using logstash 5.1.2 and elasticsearch 5.0.1

2 Likes
2

Hi,

You can try following to get logstash event from script. (I do this in file script, but I suppose it works the same way for inline)

params.event.get("name_servers")

1 Like
3

Hey,

I wanted to report back and tell you that this did the trick.

Thank you so much!

4

Hello,
can you put your logstash output config and your script file ?
It can be very useful.

Regards,

5

Hello,

I don't have a script file, I use inline. However, using params brought down the number of compilations tremendously as per the stats api.

Output config (with some information populated by an Ansible playbook):

output{
		elasticsearch {
			hosts => [{% for host in groups['es_data_nodes'] %}"{{ host }}"{% if not loop.last %},{% endif %}{% endfor %}]
			index => "{{ dest_index}}"
			manage_template => false
			flush_size => {{ batch_size }}
			routing => "%{domain_name}"
			action => "update"
			document_id => "%{domain_name}"
			script_lang => "painless"
			script_type => "inline"
			script => '
				ctx._source.is_registered = params.event.get("is_registered");
				ctx._source.last_deregistered = params.event.get("last_deregistered");
				ctx._source.deregistered_history.add(params.event.get("deregistered_history"));
			'
		}
}
1 Like
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.