stackoom
  简体   繁体   中英

Logstash elasticsearch output plugin - Populating api_key from metadata field does not work

 原文  2021-02-04 15:17:25       elasticsearch/ logstash

Question

I am using the elasticsearch output plugin of logstash to post my events to elasticsearch. I am using the api_key authentication method. It is all working fine until I have the api_key parameter value hardcoded. For Ex:

api_key => "xxxxxxxxxxxx:yyyyyyyyyyyyyyyy"

where Xs resemble id and Ys the api_key generated using the create api_key security api .

But in my filter I am adding the value to be passed to api_key parameter into a metadata field [@metadata][myapikey] . The idea is use that in the output plugin as shown below

output {
   elasticsearch {
            hosts => ["https://localhost:9200"]
            cacert => 'path-to-ca.crt'
            index => "my-index-name"
            api_key => "%{[@metadata][myapikey]}"
            ssl => true
   }
}

As per my understanding, this should have worked like it would work if we provided the index from a metadata field like index => "%{[@metadata][some-index-name]}" . I have used this for index names successfully before.

Not sure why the same implementation does not work for api_key parameter. I have made sure using stdout plugin that the metadata carries the right value in it, but still see invalid api_key value message when I run this.

Please help here.

Adding full pipeline config

input {
  generator {
    lines => [
          '{"timestamp" : "26/01/2021", "fruit-ID" : "t6789", "vegetable-ID" : "Veg1-1002", "Status" : "OK", "myapikey" : "3p4oIUr-Qxxxxxxx-rA"}'
        ]
    count => 1
    codec => "json"
  }
}

filter {
    
        mutate { 
            add_field => { "[@metadata][myapikey]" => "xxxxxxxxxxx-%{myapikey}" }
            remove_field => ["myapikey"]                    
        }
    
}

output {
    elasticsearch {
            hosts => ["https://localhost:9200"]
            cacert => 'path-to-ca.crt'
            index => "my-index-name"
            api_key => "%{[@metadata][myapikey]}"
            ssl => true
  }
}

1 answers

solution1
 2 ACCPTED  2021-02-04 15:55:33

I think the reason is because the api_key setting doesn't support the sprintf format .

In contrary to the index settings which supports that format , api_key doesn't , so what happens is that Logstash sends the raw value %{[@metadata][myapikey]} (without resolving it) as the API key and that obviously fails.

I think the main reason behind this design decision is that an API key, much like a password, is not supposed to be a field that travels in each document.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Outputting document metadata from ElasticSearch using Logstash output csv plugin Rewriting _version metadata from elasticsearch field using logstash Logstash not populating ElasticSearch from MySQL ILM using Logstash Elasticsearch output plugin doesn't work Logstash configuration: how to call the partial-update API from ElasticSearch output plugin? does logstash's elasticsearch output plugin retry individual bulk errors? Using Flask to POST to Elasticsearch Hosted Service with api_key Logstash Elasticsearch output use parsed field from input file logstash metadata not passed to elasticsearch Which Elasticsearch node is better configured in Logstash Elasticsearch output plugin and Kibana
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM