logstash基于输入的弹性搜索输出配置

时间:2016-12-07 08:09:51

标签: elasticsearch logstash-configuration

有什么方法可以使用logstash配置文件来相应地使用不同的类型/索引来扩展输出?

例如,

output {
 elasticsearch {
    hosts => ["localhost:9200"]
    index => "index_resources"
    if(%{some_field_id}==kb){
         document_type => "document_type"
         document_id => "%{some_id}"
    }
   else {
        document_type => "other_document_type"
        document_id => "%{some_other_id}"
   }
}

1 个答案:

答案 0 :(得分:1)

是的,您可以将文档路由到logstash内的多个索引。 Output看起来像这样:

output {  
    stdout {codec => rubydebug}
    if %{some_field_id} == "kb" {  <---- insert your condition here
        elasticsearch {  
            host => "localhost"  
            protocol => "http"  
            index => "index1"
            document_type => "document_type"
            document_id => "%{some_id}"   
        }
    } else {
        elasticsearch {  
            host => "localhost"  
            protocol => "http"  
            index => "index2"
            document_type => "other_document_type"
            document_id => "%{some_other_id}"   
        }
    }
}

thread也可能对您有所帮助。

相关问题
最新问题