我在Elasticsearch中使用简单的嵌套对象创建了一个索引。使用logstash JDBC聚合过滤器,我试图加载文档及其嵌套对象。基本上,我创建了一个“门票”索引,并有一个嵌套的“发票”对象。我的用例将导致票证和发票之间的1:M关系。使用SQL查询,我得到的门票和发票。我提供了我的logstash配置文件。当我第一次运行时,它会正确创建票证和发票嵌套对象。我删除了索引,然后再次尝试同样的方法来装入票证,但是这次它不会在票证中创建发票。它只列出一张发票。当我再次删除索引并运行它时,有时会正确显示发票,但并非总是如此。我没有更改logstash conf文件,只是多次运行结果不同。不知道为什么它一次又一次运行,如果我不运行它而不创建发票列表,它只是显示绑定到票证的第一个发票。感谢您的帮助。谢谢。
index:
------
{
"mappings": {
"tickets": {
"properties": {
"custid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"custname": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"custpo": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"plantid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"plantname": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"ticketid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"tktdate": {
"type": "date"
},
"htname": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"htaddr1": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"htaddr2": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"truckid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"prodid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"proddesc": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"jobid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"invprds": {
"type": "nested",
"properties": {
"invnum": {
"type": "integer"
},
"invdate": {
"type": "date"
}
}
}
}
}
}
}
logstash conf file:
--------------------
input {
jdbc {
jdbc_driver_library => "C:/DRIVERS/ojdbc6.jar"
jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver"
jdbc_connection_string => "sample connection string"
jdbc_user => "user"
jdbc_password => "password"
jdbc_validate_connection => "true"
statement => "select DISTINCT TRES.ticketid, TRES.tktdate, TRES.plantid, TRES.plantname, TRES.custid, TRES.custname, TRES.custpo, TRES.htname, TRES.htaddr1, TRES.htaddr2, TRES.truckid, TRES.prodid, TRES.proddesc,TRES.jobid, IPRD.invnum, IPRD.invdate from erocks.TICKETFIELDS_RES TRES left outer join erocks.invoice_prod IPRD on TRES.ticketid = IPRD.TICKETNUMBER and TRES.tktdate = IPRD.SHIPDATE and TRES.PLANTID =IPRD.BUNUMBER left outer join erocks.INVOICE_HEADER IHDR on IPRD.INVNUM = IHDR.INVNUM where TRES.ticketid = \'101012\' order by 1,2,3"
}
}
filter {
aggregate {
task_id => "%{ticketid}%{tktdate}%{plantid}"
code => "
map['ticketid'] = event.get('ticketid')
map['tktdate'] = event.get('tktdate')
map['custid'] = event.get('custid')
map['plantid'] = event.get('plantid')
map['custname'] = event.get('custname')
map['custpo'] = event.get('custpo')
map['plantname'] = event.get('plantname')
map['htname'] = event.get('htname')
map['htaddr1'] = event.get('htaddr1')
map['htaddr2'] = event.get('htaddr2')
map['truckid'] = event.get('truckid')
map['prodid'] = event.get('prodid')
map['proddesc'] = event.get('proddesc')
map['jobid'] = event.get('jobid')
map['invprds'] ||= []
map['invprds'] << {
'invnum' => event.get('invnum'),
'invdate' => event.get('invdate')
}
event.cancel()
"
push_previous_map_as_event => true
timeout => 3
#timeout_tags => ['aggregated']
}
}
output {
elasticsearch {
action => "index"
hosts => "http://localhost:9200"
index => "poctickets"
document_type => "tickets"
document_id => "%{ticketid}%{tktdate}%{plantid}"
workers => 1
}
stdout{
codec => rubydebug
}
}