发表新帖
发表新帖

Change ID in elasticsearch

前端 未结
关注
1 1722
日久生厌
日久生厌 2021-01-04 05:37

I\'m having trouble with ElasticSearch, how can I change id to another field in log file ?

1条回答
  • 生来不讨喜
    生来不讨喜 (楼主)
    2021-01-04 05:47

    In the elasticsearch output you can set the document_id for the event you are shipping. This will end up being the _id in elasticsearch. You can use all sort of parameters / field references / ... that are available in logstash config. Like so:

    elasticsearch { 
    host => yourEsHost
    cluster => "yourCluster"
    index => "logstash-%{+YYYY.MM.dd}"
    document_id => "%{someFieldOfMyEvent}"
}

    In this example someFieldOfMyEvent ends up being the _id of this event in ES.

    0 讨论(0)
 看不清?
提交回复
热议问题