Tuesday, February 27, 2018

Change ID in elasticsearch

By Hường Hana 8:30 AM <img src="//i.stack.imgur.com/817gJ.png" height="16" width="18" alt="" class="sponsor-tag-img">elasticsearch, logstash Leave a Comment

I'm having trouble with ElasticSearch, how can I change id to another field in log file ?

1 Answers

Answers 1

In the elasticsearch output you can set the document_id for the event you are shipping. This will end up being the _id in elasticsearch. You can use all sort of parameters / field references / ... that are available in logstash config. Like so:

elasticsearch {      host => yourEsHost     cluster => "yourCluster"     index => "logstash-%{+YYYY.MM.dd}"     document_id => "%{someFieldOfMyEvent}" }

In this example someFieldOfMyEvent ends up being the _id of this event in ES.

Coding Question

Tuesday, February 27, 2018

Change ID in elasticsearch

1 Answers

Answers 1

If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment

Search

Popular Posts

Labels

Blog Archive

Find Us On Facebook