I have the following configuration in my Logstash pipeline. I want to schedule the query to run during a specific hour every day (schedule => "*/5 * * * *" is already working), but it doesn't work. I have a distributed environment in which the Logstash and Elasticsearch servers are separated. Two questions:
1. Where does the schedule read the date from?
2. What is the timezone used for scheduling?
input {
  elasticsearch {
    hosts => "ip:9200"
    index => "indexname"
    user => "user"
    password => "elastic"
    query => '{ "query": { "query_string": { "query": "*" } } }'
    schedule => "*/5 17 * * *" # Cron fields: minute hour day-of-month month day-of-week. This runs every 5 minutes during hour 17
    size => 1500 # Specifies the maximum number of documents to retrieve per query
    scroll => "5m" # Specifies how long Elasticsearch should keep the search context open for the query. In this case, it's set to 5 minutes
    docinfo => true
  }
}
filter {}
output {
  if "API_REQUEST" in [message] {
    jdbc {
      driver_jar_path => '/usr/share/logstash/vendor/jar/jdbc/mssql-jdbc-12.2.0.jre8.jar'
      connection_string => "jdbc:sqlserver://ip:1433;databaseName=izdb;user=user;password=pass;ssl=false;trustServerCertificate=true"
      enable_event_as_json_keyword => true
      statement => [
        "INSERT INTO Transaction (document_id, logLevel, timestamp) VALUES (?,?,?)",
        "document_id",
        "logLevel",
        "timestamp"
      ]
    }
  }
}