堆栈内存溢出
  繁体   English   中英

如何使用logstash动态定义elasticsearch索引?

[英]How to dynamically define elasticsearch index with logstash?

 原文  2019-04-25 00:57:26       elasticsearch/ logstash/ logstash-configuration/ logstash-jdbc

问题描述

请参阅下面的logstash配置文件,使用jdbc插件将记录从mysql数据库提取到elasticsearch索引中。 如何修改以便根据数据库中找到的company_id值生成单独的索引,如下所示: company_%{company_id}_user_events

这可以动态完成还是需要为每个公司ID创建预先配置和硬编码的单独logstash配置文件? 是否有像剧本或模板这样的中间立场?

如果它有帮助,可以将company_id字段添加到数据库中的ahoy_events表中,而不是像现在那样通过用户关联“添加”。

当前的logstash.conf 

input {
    jdbc {
        jdbc_driver_library => "/opt/mysql-connector-java-5.1.47-bin.jar"
        jdbc_driver_class => "com.mysql.jdbc.Driver"
        jdbc_connection_string => "jdbc:mysql://mysql:3306/${DB_NAME}"
        jdbc_user => "${DB_USER}"
        jdbc_password => "${DB_PASSWORD}"
        schedule => "* * * * *"
        statement => "select * from ahoy_events where time > :sql_last_value"
    }
}

filter {
    jdbc_streaming {
        jdbc_driver_library => "/opt/mysql-connector-java-5.1.47-bin.jar"
        jdbc_driver_class => "com.mysql.jdbc.Driver"
        jdbc_connection_string => "jdbc:mysql://mysql:3306/${DB_NAME}"
        jdbc_user => "${DB_USER}"
        jdbc_password => "${DB_PASSWORD}"
        statement => "select * from users where id = :user"
        parameters => { "user" => "user_id" }
        target => "user"
    }
    jdbc_streaming {
        jdbc_driver_library => "/opt/mysql-connector-java-5.1.47-bin.jar"
        jdbc_driver_class => "com.mysql.jdbc.Driver"
        jdbc_connection_string => "jdbc:mysql://mysql:3306/${DB_NAME}"
        jdbc_user => "${DB_USER}"
        jdbc_password => "${DB_PASSWORD}"
        statement => "select * from visits where id = :visits"
        parameters => { "visits" => "visit_id" }
        target => "visits"
    }
    mutate {
        add_field => { "company_id" =>  "%{[user][0][company_id]}"}
    }
    jdbc_streaming {
        jdbc_driver_library => "/opt/mysql-connector-java-5.1.47-bin.jar"
        jdbc_driver_class => "com.mysql.jdbc.Driver"
        jdbc_connection_string => "jdbc:mysql://mysql:3306/${DB_NAME}"
        jdbc_user => "${DB_USER}"
        jdbc_password => "${DB_PASSWORD}"
        statement => "select * from companies where id = :company_id"
        parameters => { "company_id" => "company_id" }
        target => "company"
    }
    json {
        source => "properties"
        target => "properties"
    }
    mutate {
        add_field => { "user_name" => "%{[user][0][name]}" }
    }
    mutate {
        add_field => { "company_name" => "%{[company][0][name]}" }
    }
    mutate {
        rename => { "[visits][0]" => "visit" }
    }
    mutate {
        remove_field => ["visits", "company", "user"]
    }
}

output {
    elasticsearch {
        hosts => ["http://elasticsearch:9200"]
        index => "user_events-%{+YYYY.MM.dd}"
        document_id => "%{id}"
    }
}

所需的结果是具有company_id命名空间的索引: company_%{company_id}_user_events以便稍后可以在同一模式company_%{company_id}_other_records添加其他索引company_%{company_id}_other_records

1 个解决方案

解决方案1
 0 已采纳  2019-04-25 01:21:46

不是100%肯定,但从技术上来说应该是这么简单: 

output {
    elasticsearch {
        hosts => ["http://elasticsearch:9200"]
        index => "company_%{company_id}_events-%{+YYYY.MM.dd}"
        document_id => "%{id}"
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 logstash输出elasticsearch-动态生成索引名称 如何配置logstash创建弹性搜索索引? 如何使用logstash将队列的内容发送到elasticsearch索引 使用Logstash更新Elasticsearch索引 Logstash文件名作为ElasticSearch索引 Logstash不在Elasticsearch上创建索引 logstash输出到elasticsearch索引和映射 Logstash错误以为Elasticsearch重新创建索引 使用Logstash输出修改Elasticsearch索引 来自Logstash的ElasticSearch中的动态索引
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM