我已将使用Elasticsearch的logstash配置为输入和输出参数,如下所示:
输入
{
elasticsearch {
hosts => ["hostname" ]
index => 'indexname'
type => 'type'
user => 'username'
password => 'password'
docinfo => true
query => '{ "query": { "match": { "first_name": "mary" } }}'
}
}
输出
{
elasticsearch {
hosts => ["hostname" ]
index => 'indexname'
user => 'username'
password => 'password'
}
}
我的索引数据如下:
PUT person/person/3
{
"first_name" : "mary"
}
PUT person/person/4
{
"first_name" : "mary.m"
}
PUT person/person/5
{
"first_name" : "mary.k"
}
当我在ES上查询以下查询时
GET indexname/_search
{
"query": {
"match": {
"first_name": "mary"
}
}
}
它返回
{
"took": 1,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 0.2876821,
"hits": [
{
"_index": "person",
"_type": "person",
"_id": "3",
"_score": 0.2876821,
"_source": {
"first_name": "mary"
}
}
]
}
}
虽然logstash管道已成功启动,但它不会在ES中记录此查询,因为我使用了查询"匹配":{" first_name":" mary"在输入部分。
答案 0 :(得分:1)
由于您的ES使用HTTPS运行,因此您需要将ssl => true添加到elasticsearch输入配置
input {
elasticsearch {
hosts => ["hostname" ]
index => 'indexname'
type => 'type'
user => 'username'
password => 'password'
docinfo => true
ssl => true <--- add this
query => '{ "query": { "match": { "first_name": "mary" } }}'
}
}