Logstash-plugin elasticsearch: apply executing searches in logstash
Problem description
Here is my executing search to query my elasticsearch database (it works fine):
curl -XPOST 'localhost:9200/test/_search?pretty' -d '
{
  "size": 1,
  "query": {
    "match": {
      "log.device": "xxxx"
    }
  },
  "sort": [
    {
      "_timestamp": {
        "order": "desc"
      }
    }
  ]
}'
I want to do the same thing through logstash with the plugin elasticsearch. However, there is no "size" option available in the website https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html
elasticsearch {
  hosts => ["localhost:9200/test"]
  query => "log.device:%{[log][device]}"
  sort => "@timestamp:desc"
}
Do you know how to manage this problem?
Thanks for your attention and help.
Joe
Recommended answer
Also make sure to sort on _timestamp, not @timestamp.
Finally, the hosts parameter doesn't take any index.
So:
elasticsearch {
  hosts => ["localhost:9200"]
  query => "log.device:%{[log][device]}"
  sort => "_timestamp:desc"
}
If you really need to specify an index, this is not supported yet, but I've created a PR last week in order to support this. So until this gets merged and released, you'll be able to use my version instead of the official one:
$> git clone http://github.com/consulthys/logstash-filter-elasticsearch
$> cd logstash-filter-elasticsearch
$> gem build logstash-filter-elasticsearch.gemspec
$> $LS_HOME/bin/plugin -install logstash-filter-elasticsearch-2.0.4.gem
After installing the amended plugin, you'll be able to work on a specific index:
elasticsearch {
  hosts => ["localhost:9200"]
  index => "test"
  query => "log.device:%{[log][device]}"
  sort => "_timestamp:desc"
}