- elasticsearch/
elasticsearch Logstash是否支持Elasticsearch的“逐个更新”查询?
elasticsearch Logstash是否支持Elasticsearch的“逐个更新”查询?
Elasticsearch输出插件是否支持Elasticsearch的“按次更新”查询? elasticsearch输出插件只能调用_批量端点,即使用 如果您想调用updatebyqueryapi,您需要使用输出插件并自己在事件内部构造查询。如果你解释了你想要达到的目标,我可以用更多的细节更新我的答案 注意:有一个网站要求提供此功能,但两年后它仍然开放 更新 因此,如果您的输入事件是{cname:wang,cage:11},并且您希望通过使用cname:wang查询所有文档来更新以设置cage:11,那么您的查询需要如下所示:
POST your-index/_update_by_query
{
"script": {
"source": "ctx._source.cage = params.cage",
"lang": "painless",
"params": {
"cage": 11
}
},
"query": {
"term": {
"cname": "wang"
}
}
}
input {
stdin {
codec => "json"
}
}
filter {
mutate {
add_field => {
"[script][lang]" => "painless"
"[script][source]" => "ctx._source.cage = params.cage"
"[script][params][cage]" => "%{cage}"
"[query][term][cname]" => "%{cname}"
}
remove_field => ["host", "@version", "@timestamp", "cname", "cage"]
}
}
output {
http {
url => "http://localhost:9200/index/doc/_update_by_query"
http_method => "post"
format => "json"
}
}
POST your-index/_update_by_query
{
"script": {
"source": "ctx._source.cage = params.cage",
"lang": "painless",
"params": {
"cage": 11
}
},
"query": {
"term": {
"cname": "wang"
}
}
}
input {
stdin {
codec => "json"
}
}
filter {
mutate {
add_field => {
"[script][lang]" => "painless"
"[script][source]" => "ctx._source.cage = params.cage"
"[script][params][cage]" => "%{cage}"
"[query][term][cname]" => "%{cname}"
}
remove_field => ["host", "@version", "@timestamp", "cname", "cage"]
}
}
output {
http {
url => "http://localhost:9200/index/doc/_update_by_query"
http_method => "post"
format => "json"
}
}
使用标准elasticsearch插件可以获得相同的结果:
input {
elasticsearch {
hosts => "${ES_HOSTS}"
user => "${ES_USER}"
password => "${ES_PWD}"
index => "<your index pattern>"
size => 500
scroll => "5m"
docinfo => true
}
}
filter {
...
}
output {
elasticsearch {
hosts => "${ES_HOSTS}"
user => "${ES_USER}"
password => "${ES_PWD}"
action => "update"
document_id => "%{[@metadata][_id]}"
index => "%{[@metadata][_index]}"
}
}
使用标准elasticsearch插件可以获得相同的结果:
input {
elasticsearch {
hosts => "${ES_HOSTS}"
user => "${ES_USER}"
password => "${ES_PWD}"
index => "<your index pattern>"
size => 500
scroll => "5m"
docinfo => true
}
}
filter {
...
}
output {
elasticsearch {
hosts => "${ES_HOSTS}"
user => "${ES_USER}"
password => "${ES_PWD}"
action => "update"
document_id => "%{[@metadata][_id]}"
index => "%{[@metadata][_index]}"
}
}
你好我有个问题。如果我的logstash输入是{cname:wang,cage:11},并且我想用cname=wang更新所有文档并将cage设置为11,那么我应该如何编写logstash conf文件来实现它?谢谢您好,我们在logstash中尝试了这个http响应,弹性搜索控制台为找不到索引抛出错误,日志存储结果为400:[http输出失败]遇到非2xx http代码405{:response\u code=>405,:url=>,:event=>@Val,您能帮我一下吗?嗨!我有个问题。如果我的logstash输入是{cname:wang,cage:11}我想用cname=wang更新所有文档,并将cage设置为11,我应该如何编写logstash conf文件来实现它?谢谢大家,我们在logstash中尝试了这个http响应,弹性搜索控制台为找不到索引抛出错误,日志stash结果在400:[http输出失败]中遇到了非2xx http代码405{:response_code=>405,:url=>,:event=>@Val,你能帮我一下吗?