stackoom
  简体   繁体   中英

Apply grok filters to logs already stored in elasticsearch

 原文  2015-09-15 16:34:20       elasticsearch/ logstash/ logstash-grok

Question

I'm using syslog->logstash->elasticsearch->kibana to visualize my logs. The stack is working fine so far. I have already a few thousand logs in elasticsearch. Now I decided to change some grok filters. Is there a way to process all logs again to be matched by the new filters?

I can think of somehow exporting the database and adding that as a new input to logstash, but this would be kind of complicated. I'm looking for an easy one click solution, because I'm likely going to change some filters in the future. I could not find any easy solution so far. Any help appreciated.

1 answers

solution1
 0  2016-08-09 17:47:40

Use elasticsearch 5.0. Then you could run the logs through an ingest pipeline.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Tagging the Logs by Logstash - Grok - ElasticSearch Elasticsearch: Grok-pipeline not working (Not applying to logs) In Elasticsearch, how to apply filters at an aggregation level How to apply combination of filters on array of objects in elasticsearch? Aggregate Jenkins build logs stored in ElasticSearch grok not parsing logs failed to filter logs with grok Grok pattern for logstash / elasticsearch Apply grok for logfiles How do I apply 2 filters to my ElasticSearch query object?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM