
Rewriting _version metadata from elasticsearch field using logstash

I'm using the ELK Stack to import CSV files. Each time the CSV files are imported, the "_version" field of a document increases, which is as expected. However, because the _version field is a metadata field, it is not indexed by ELK. Therefore the field is not searchable and cannot be used in the Dashboard.

I've created a second logstash configuration where both the input as well as the output are Elasticsearch.

Filter configuration:

filter {
  mutate {
    add_field => {"Version" => "{[@metadata][_version]}"}
  }
}

Input configuration:

input {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "test_csv"
    query => '{"query":{"match_all" : {}}}'
    size => 1000
    scroll => "1s"
    docinfo => true
    docinfo_fields => ["_index", "_type", "_id", "_version"]
    schedule => "/1 * * * *"
  }
}

I cannot get the value from the _version field. The output in Kibana looks like:

Version         {[@metadata][_version]}

If I replace the _version field in the filter with _id or _index I get information back.

Any ideas on how to get value out of the _version field? Any thoughts on the matter are highly appreciated.

Chloe

For version 6.4.2, the following works for me:

filter {
  mutate {
    add_field => {"Version" => "%{[@version]}"}
  }
}
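
An added example, not taken from either post above: a pipeline that asks Elasticsearch to return `_version` with each search hit, so that `docinfo_fields` has a value to copy, and then writes it to an ordinary indexed field. It assumes the search body option `"version": true`, that docinfo is stored under `[@metadata]` as in the question's configuration, and a tag name `_version_missing` chosen here for illustration.

```logstash
input {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "test_csv"
    # "version": true makes Elasticsearch include _version in every search hit;
    # without it the hit carries no _version for docinfo to copy.
    query => '{"version": true, "query": {"match_all": {}}}'
    docinfo => true
    docinfo_fields => ["_index", "_type", "_id", "_version"]
  }
}

filter {
  # Assumption: docinfo lands under [@metadata], as in the question's config.
  if [@metadata][_version] {
    mutate {
      # The leading % is required for field interpolation.
      add_field => { "Version" => "%{[@metadata][_version]}" }
    }
    # Interpolation yields a string; convert it in a second mutate,
    # because add_field is applied after convert within one mutate block.
    mutate {
      convert => { "Version" => "integer" }
    }
  } else {
    # Hypothetical tag name: marks events where no version was returned,
    # so a literal "%{...}" string never reaches the index.
    mutate {
      add_tag => ["_version_missing"]
    }
  }
}
```

`[@version]` is a field Logstash sets on its own events and is separate from the Elasticsearch document `_version` copied here.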
