Does Logstash support Elasticsearch's _update_by_query?


Question


Does the Elasticsearch output plugin support elasticsearch's _update_by_query? https://www.elastic.co/guide/en/logstash/6.5/plugins-outputs-elasticsearch.html https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-update-by-query.html

Recommended answer


The elasticsearch output plugin can only make calls to the _bulk endpoint, i.e. using the Bulk API.


If you want to call the Update by Query API, you need to use the http output plugin and construct the query inside the event yourself. If you explain what you want to achieve, I can update my answer with some more details.


Note: There's an issue requesting this feature, but it's still open after two years.

Update


So if your input event is {"cname":"wang", "cage":11} and you want to update by query all documents with "cname":"wang" to set "cage":11, your query needs to look like this:

POST your-index/_update_by_query
{
  "script": {
    "source": "ctx._source.cage = params.cage",
    "lang": "painless",
    "params": {
      "cage": 11
    }
  },
  "query": {
    "term": {
      "cname": "wang"
    }
  }
}


So your Logstash config should look like this (your input may vary but I used stdin for testing purposes):

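input {
  stdin {
    codec => "json"    # each line on stdin is parsed as one JSON event
  }
}
filter {
  # Build the _update_by_query request body inside the event itself
  mutate {
    add_field => {
      "[script][lang]" => "painless"
      "[script][source]" => "ctx._source.cage = params.cage"
      "[script][params][cage]" => "%{cage}"
      "[query][term][cname]" => "%{cname}"
    }
    # Drop every field that must not appear in the request body
    remove_field => ["host", "@version", "@timestamp", "cname", "cage"]
  }
  # %{cage} is interpolated as the string "11"; convert it back to a number.
  # add_field runs after convert within one mutate, hence the second block.
  mutate {
    convert => { "[script][params][cage]" => "integer" }
  }
}
output {
  http {
    url => "http://localhost:9200/index/doc/_update_by_query"
    http_method => "post"
    format => "json"    # the remaining event fields are sent as the JSON body
  }
}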
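
The request body the answer builds, generated from an event in Python, as an added example that is not part of the original answer. It goes beyond the single-field case by accepting several fields to set; the function name `build_update_by_query` and the field-name check are assumptions of this example. Event values stay in `params` and the term query, never in the script text, and keep their JSON type.

```python
import json
import re

# Field names are written into the Painless source, so only plain identifiers pass.
_FIELD_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_update_by_query(event, match_field, set_fields):
    """Return the _update_by_query body for one decoded JSON event.

    match_field -- event field whose value selects documents (term query)
    set_fields  -- event fields copied onto every matching document
    """
    if not set_fields:
        raise ValueError("nothing to update")
    for name in [match_field, *set_fields]:
        if not _FIELD_RE.match(name):
            raise ValueError(f"unsafe field name: {name!r}")
        if name not in event:
            raise KeyError(f"event has no field {name!r}")

    # One assignment per field; the values themselves are passed as params,
    # so the script source is identical for every event.
    source = "; ".join(f"ctx._source.{n} = params.{n}" for n in set_fields)
    return {
        "script": {
            "lang": "painless",
            "source": source,
            "params": {n: event[n] for n in set_fields},
        },
        "query": {"term": {match_field: event[match_field]}},
    }


if __name__ == "__main__":
    # Constructed sample event, the same one used in the answer.
    sample = {"cname": "wang", "cage": 11}
    print(json.dumps(build_update_by_query(sample, "cname", ["cage"]), indent=2))
```
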
