日志堆栈中的ElasticSearch_UPDATE_BY_QUERY错误[HTTP输出失败]遇到非2xx HTTP代码400 [英] Elasticsearch _update_by_query in logstash error [HTTP Output Failure] Encountered non-2xx HTTP code 400
本文介绍了日志堆栈中的ElasticSearch_UPDATE_BY_QUERY错误[HTTP输出失败]遇到非2xx HTTP代码400的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Working_UPDATE_BY_QUERY调用-
POST /s1test-demo7/_update_by_query
{
"script": {
"source": "ctx._source.externaldata = params.externaldata",
"lang": "painless",
"params": {
"externaldata":{
"field1": "1",
"field2": "abc"
}
}
},
"query": {
"bool": {
"must": [
{ "match": { "h.req-id": "Test9GrpA"} },
{ "match": { "h.process-code": "DemoS99"} }
]
}
}
}
该接口在匹配已有单据的查询中,实际添加了";outteraldata";field,其中包含2个内部字段,作为嵌套json。
我需要有关logstash管道的帮助才能做到这一点-
input {
file {
id => "updatedata"
path => "D:/p3-test1.json"
start_position => "beginning"
sincedb_path => "D:/sdb/p3-test1.sdb"
}
}
filter {
json {
source => "message"
}
mutate {
add_field => {
"[script][lang]" => "painless"
"[script][source]" => "ctx._source.externaldata = params.externaldata"
"[script][params][externaldata][field1]" => "%{field1}"
"[script][params][externaldata][field2]" => "%{field2}"
"[query][bool][must][match][h.req-id]" => "%{req-id}"
"[query][bool][must][match][h.process-code]" => "%{process-code}"
}
}
}
output {
stdout {
codec => rubydebug
}
http {
url => "http://localhost:9200/s1test-demo7/_update_by_query"
headers => { "Authorization" => "Basic ZWxhc3RpYzplbGFzdGlj" }
http_method => "post"
format => "json"
}
}
logstash管道必须包括身份验证,否则我会收到HTTP错误401。但是我不确定这里的语法是否正确。文档和ElasticSearch论坛帖子在http输出插件标题中有各种变化。
Logstash输出-
[2021-05-29T20:14:13,226][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
{
"host" => "mypc",
"@version" => "1",
"req-id" => "Test9GrpA",
"field2" => "default",
"@timestamp" => 2021-05-29T14:44:13.521Z,
"field1" => "1",
"query" => {
"bool" => {
"must" => {
"match" => {
"h.process-code" => "DemoS99",
"h.req-id" => "Test9GrpA"
}
}
}
},
"message" => "{"req-id":"Test9GrpA","process-code":"DemoS99","field1":"1","field2":"default"}
",
"process-code" => "DemoS99",
"script" => {
"lang" => "painless",
"params" => {
"externaldata" => {
"field2" => "default",
"field1" => "1"
}
},
"source" => "ctx._source.externaldata = params.externaldata"
},
"path" => "D:/p3-test1.json"
}
[2021-05-29T20:14:14,268][ERROR][logstash.outputs.http ][main][2bc46338fec26d73c819043dac159f1d12397fefc800c84c7d2e0f0d16b278c2] [HTTP Output Failure] Encountered non-2xx HTTP code 400 {:response_code=>400, :url=>"http://localhost:9200/s1test-demo7/_update_by_query", :event=>#<LogStash::Event:0x2badd231>}
请帮帮忙。
推荐答案
可以将脚本部分切换到";http
";输出插件,而不是使用过滤部分中的";painless
";脚本。
output {
stdout {
codec => rubydebug
}
if "externallogs" in [tags] {
http {
url => "http://localhost:9200/s1test-demo7/_update_by_query"
headers => { "Authorization" => "Basic ZWxhc3RpYzplbGFzdGlj" }
http_method => "post"
format => "message"
content_type => "application/json"
message => '{
"script": {
"source": "ctx._source.externaldata = params.externaldata",
"lang": "painless",
"params": {
"externaldata":{
"field1": "%{field1}",
"field2": "%{field2}"
}
}
},
"query": {
"bool": {
"must": [
{ "match": { "h.req-id": "%{req-id}"} },
{ "match": { "h.process-code": "%{process-code}"} }
]
}
}
}'
}
}
}
这篇关于日志堆栈中的ElasticSearch_UPDATE_BY_QUERY错误[HTTP输出失败]遇到非2xx HTTP代码400的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文