使用elasticsearch input plugin加载Elastic Search索引时如何只加载特定字段
How to load specific fields only when load Elastic Search index to use elasticsearch input plugin
我尝试使用日志存储将数据从 Elastic Search 的索引移动到另一个索引。
并且,我希望将特定字段(世界)从 logstash 索引移动到测试索引。
因此,我创建了一个 logstash 配置文件。
这样的配置文件。
input {
elasticsearch {
hosts => "hostname"
index => "logstash-2017.03.17"
query => `{"fileds" : ["world"]}`
}
filter {
}
output {
elasticsearch {
hosts => "hostname"
index => "test-${+YYYY.MM.DD}"
action => "index"
}
}
但是,logstash 不是 运行 错误
A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Elasticsearch hosts=>["tales-gameelk"], index=>"logstash-2017.03.23", query=>"\"fields\" : [\"world\"]", codec=><LogStash::Codecs::JSON charset=>"UTF-8">, scan=>true, size=>1000, scroll=>"1m", docinfo=>false, docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"], ssl=>false>
Error: [400] {"error":{"root_cause":[{"type":"parse_exception","reason":"Failed to derive xcontent"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"init_scan","grouped":true,"failed_shards":[{"shard":0,"index":"logstash-2017.03.23","node":"5tE8NEF5T5uQbdrjb4yFiQ","reason":{"type":"parse_exception","reason":"Failed to derive xcontent"}}]},"status":400} {:level=>:error}
我该如何解决这个问题?
您的 elasticsearch 输入格式不正确。试试这个:
input {
elasticsearch {
hosts => "hostname"
index => "logstash-2017.03.17"
query => '{"_source" : ["world"]}'
}
}
我尝试使用日志存储将数据从 Elastic Search 的索引移动到另一个索引。
并且,我希望将特定字段(世界)从 logstash 索引移动到测试索引。
因此,我创建了一个 logstash 配置文件。
这样的配置文件。
input {
elasticsearch {
hosts => "hostname"
index => "logstash-2017.03.17"
query => `{"fileds" : ["world"]}`
}
filter {
}
output {
elasticsearch {
hosts => "hostname"
index => "test-${+YYYY.MM.DD}"
action => "index"
}
}
但是,logstash 不是 运行 错误
A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Elasticsearch hosts=>["tales-gameelk"], index=>"logstash-2017.03.23", query=>"\"fields\" : [\"world\"]", codec=><LogStash::Codecs::JSON charset=>"UTF-8">, scan=>true, size=>1000, scroll=>"1m", docinfo=>false, docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"], ssl=>false>
Error: [400] {"error":{"root_cause":[{"type":"parse_exception","reason":"Failed to derive xcontent"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"init_scan","grouped":true,"failed_shards":[{"shard":0,"index":"logstash-2017.03.23","node":"5tE8NEF5T5uQbdrjb4yFiQ","reason":{"type":"parse_exception","reason":"Failed to derive xcontent"}}]},"status":400} {:level=>:error}
我该如何解决这个问题?
您的 elasticsearch 输入格式不正确。试试这个:
input {
elasticsearch {
hosts => "hostname"
index => "logstash-2017.03.17"
query => '{"_source" : ["world"]}'
}
}