
Outputting document metadata from ElasticSearch using Logstash output csv plugin

I am attempting to output the _id metadata field from ES into a CSV file using Logstash.

{
  "_index": "data",
  "_type": "default",
  "_id": "vANfNGYB9XD0VZRJUFfy",
  "_version": 1,
  "_score": null,
  "_source": {
    "vulnid": "CVE-2018-1000060",
    "product": [],
    "year": "2018",
    "month": "02",
    "day": "09",
    "hour": "23",
    "minute": "29",
    "published": "2018-02-09T18:29:02.213-05:00"
  },
  "sort": [
    1538424651203
  ]
}

My logstash output filter is:

output {
  csv {
    fields => [ "_id", "vulnid", "published" ]
    path => "/tmp/export.%{+YYYY-MM-dd-hh-mm}.csv"
  }
}

I get output:

,CVE-2018-1000060,2018-02-09T18:29:02.213-05:00

But I would like to get:

vANfNGYB9XD0VZRJUFfy,CVE-2018-1000060,2018-02-09T18:29:02.213-05:00

How to output the metadata _id into the csv file? It does not matter if I specify the field like "_id" or "@_id" or "@id".

When we query ES we have to enable docinfo => true. By default it is false.

input {
 elasticsearch {
  hosts => [ your hosts ]
  index => "ti"
  query => '{your query}'
  size => 1000
  scroll => "1s"
  docinfo => true
  schedule => "14 * * * *"
 }
}

Well, Logstash is not able to get the "_id" field from your input, because you must not have set the docinfo option to true.

docinfo helps to include Elasticsearch document information such as index, type, _id, etc. Please have a look here for more info: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-elasticsearch.html#plugins-inputs-elasticsearch-docinfo

Use your input plugin as:

input {
  elasticsearch {
    hosts => "hostname"
    index => "yourIndex"
    query => '{ "query": { "query_string": { "query": "*" } } }' # optional
    size => 500 # optional
    scroll => "5m" # optional
    docinfo => true
  }
}
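
A complete pipeline that combines the docinfo setting from the answers with the CSV output from the question, as an added example that is not part of the original posts. With docinfo enabled the input stores the document's _id under @metadata rather than as a top-level _id field, so the example copies it into a regular field before the csv output; the host, the docinfo_target path and the doc_id field name are assumptions chosen for this example.

```logstash
input {
  elasticsearch {
    hosts => ["localhost:9200"]            # placeholder host
    index => "data"                        # index name from the question's sample document
    query => '{ "query": { "match_all": {} } }'
    docinfo => true                        # off by default
    docinfo_target => "[@metadata][doc]"   # set explicitly for this example
    docinfo_fields => ["_index", "_id"]    # only the metadata needed here
  }
}

filter {
  mutate {
    # Copy the document id out of @metadata into an ordinary event field
    # (doc_id is a name chosen for this example).
    add_field => { "doc_id" => "%{[@metadata][doc][_id]}" }
  }
}

output {
  csv {
    fields => ["doc_id", "vulnid", "published"]
    path => "/tmp/export.%{+YYYY-MM-dd-hh-mm}.csv"
  }
}
```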
