我无法弄清楚如何通过Logstash将我的json从stdin索引到ElasticSearch。这是我的配置:
input {
stdin {
codec => "json"
}
}
filter {
json {
source => "results"
}
}
output {
elasticsearch {
action => index
document_id => "%{objectId}"
document_type => "result"
embedded => true
index => "my_index"
}
stdout {
codec => "json"
}
}
我使用以下输入运行Logstash:
{"results": "{\"objectId\": \"hello\", \"name\" : \"world\"}"}
如果你想知道为什么我需要“结果”字段,那是因为真正的输入是一个JSON对象,其中“results”字段包含要索引的JSON。 当我尝试使用上面的行运行时,我收到以下错误:
failed action with response of 400, dropping action: ["index", {:_id=>"hello", :_index=>"my_index", :_type=>"result", :_routing=>nil}, #<LogStash::Event:0x57cf4ab @metadata={"retry_count"=>0}, @accessors=#<LogStash::Util::Accessors:0x31bbe100 @store={"results"=>"{\"objectId\": \"hello\", \"name\" : \"world\"}", "@version"=>"1", "@timestamp"=>"2015-05-30T05:59:23.972Z", "host"=>"laptop", "objectId"=>"hello", "name"=>"world"}, @lut={"host"=>[{"results"=>"{\"objectId\": \"hello\", \"name\" : \"world\"}", "@version"=>"1", "@timestamp"=>"2015-05-30T05:59:23.972Z", "host"=>"laptop", "objectId"=>"hello", "name"=>"world"}, "host"], "results"=>[{"results"=>"{\"objectId\": \"hello\", \"name\" : \"world\"}", "@version"=>"1", "@timestamp"=>"2015-05-30T05:59:23.972Z", "host"=>"laptop", "objectId"=>"hello", "name"=>"world"}, "results"], "objectId"=>[{"results"=>"{\"objectId\": \"hello\", \"name\" : \"world\"}", "@version"=>"1", "@timestamp"=>"2015-05-30T05:59:23.972Z", "host"=>"laptop", "objectId"=>"hello", "name"=>"world"}, "objectId"]}>, @data={"results"=>"{\"objectId\": \"hello\", \"name\" : \"world\"}", "@version"=>"1", "@timestamp"=>"2015-05-30T05:59:23.972Z", "host"=>"laptop", "objectId"=>"hello", "name"=>"world"}, @metadata_accessors=#<LogStash::Util::Accessors:0x29458b08 @store={"retry_count"=>0}, @lut={}>, @cancelled=false>] {:level=>:warn}
我做错了什么?