我试图使用http_poller从ElasticSearch获取数据并将它们写入另一个ES。执行此操作时,ES查询需要作为POST请求完成。 在提供的示例中,我找不到shoukd用于发布正文的参数,它从ruby引用了manticore客户端。基于此,我使用了params参数来发布正文。
http_poller组件看起来像这样
input {
http_poller {
urls => {
some_other_service => {
method => "POST"
url => "http://localhost:9200/index-2016-03-26/_search"
params => '"query": { "filtered": { "filter": { "bool": { "must": [ { "term": { "SERVERNAME": "SERVER1" }}, {"range": { "eventtime": { "gte": "26/Mar/2016:13:00:00" }}} ]}}} }"'
}
}
# Maximum amount of time to wait for a request to complete
request_timeout => 300
# How far apart requests should be
interval => 300
# Decode the results as JSON
codec => "json"
# Store metadata about the request in this key
metadata_target => "http_poller_metadata"
}
}
output {
stdout {
codec => json
}
}
执行此操作时,Logstash会出错, 错误:名称可能不为null {:level =>:error}
感谢任何帮助。
我的猜测是,params需要是真正的键值对,但问题是如何使用logstash发布查询。
我提到此链接以获取HTTP客户端的可用选项 https://github.com/cheald/manticore/blob/master/lib/manticore/client.rb
答案 0 :(得分:2)
因为当我尝试不同的选项时我得到了答案,我想我也会分享解决方案。
在上面的有效载荷中将params替换为body。
使用HTTP Poller执行帖子的正确有效负载是
input {
http_poller {
urls => {
some_other_service => {
method => "POST"
url => "http://localhost:9200/index-2016-03-26/_search"
body=> '"query": { "filtered": { "filter": { "bool": { "must": [ { "term": { "SERVERNAME": "SERVER1" }}, {"range": { "eventtime": { "gte": "26/Mar/2016:13:00:00" }}} ]}}} }"'
}
}
# Maximum amount of time to wait for a request to complete
request_timeout => 300
# How far apart requests should be
interval => 300
# Decode the results as JSON
codec => "json"
# Store metadata about the request in this key
metadata_target => "http_poller_metadata"
}
}
output {
stdout {
codec => json
}
}