elasticsearch 日志存储弹性搜索输出的文档id不正确
我使用Logstash从Solace队列读取json消息并将其写入弹性搜索。我使用elasticsearch 日志存储弹性搜索输出的文档id不正确,elasticsearch,logstash,logstash-configuration,elasticsearch,Logstash,Logstash Configuration,我使用Logstash从Solace队列读取json消息并将其写入弹性搜索。我使用doc\u as\u upsert=>true以及输出中的document\u id参数。这就是我的Logstash配置的样子 logstash.conf input { jms { include_header => false include_properties => false include_bo
doc\u as\u upsert=>true
以及输出中的document\u id参数。这就是我的Logstash配置的样子
logstash.conf
input
{
jms {
include_header => false
include_properties => false
include_body => true
use_jms_timestamp => false
destination => 'SpringBatchTestQueue'
pub_sub => false
jndi_name => '/JMS/CF/MDM'
jndi_context => {
'java.naming.factory.initial' => 'com.solacesystems.jndi.SolJNDIInitialContextFactory'
'java.naming.security.principal' => 'EDM_Test_User@NovartisDevVPN'
'java.naming.provider.url' => 'tcp://localhost:55555'
'java.naming.security.credentials' => 'EDM_Test_User'
}
require_jars=> ['/app/elasticsearch/jms/commons-lang-2.6.jar',
'/app/elasticsearch/jms/sol-jms-10.10.0.jar',
'/app/elasticsearch/jms/geronimo-jms_1.1_spec-1.1.1.jar']
}
}
output
{
elasticsearch
{
hosts => ["https://glchbs-sd220240.eu.novartis.net:9200/"]
index => "test-%{+YYYY.MM.dd}"
document_id => "%{customerId}"
doc_as_upsert => true
ssl => true
ssl_certificate_verification => true
cacert => "/app/elasticsearch/config/ssl/Novartis_Silver_Three_Chain.pem"
}
}
Json消息:
{
"customerId": "N-CA-Z9II2YJ1YJ",
"name": "Alan Birch",
"customerRecordType": "Health Care Professional",
"country": "CA",
"language": "EN",
"privacyLawStatus": false,
"salutation": "Mr.",
"firstName": "Alan",
"lastName": "Birch",
"customerType": "Non Prescriber",
"hcpType": "Pharmacist Assistant",
"isMedicalExpert": false,
"customerAddresses": [
{
"addressType": "Primary Address",
"addressLine1": "4001 Leslie Street"
},
{
"addressType": "Other",
"addressLine1": "3004 Center St"
}
],
"meansOfContact": [
{
"type": "Email1",
"value": "alab@noname.com",
"status": "Active"
},
{
"type": "Email2",
"value": "balan@gmail.com",
"status": "Active"
}
],
"specialities": [
{
"specialtyType": "Primary Specialty",
"specialty": "Pharmacy Technician",
"status": "Active"
}
]
}
如您所见,我试图使用JSON消息的customerId字段作为elasticsearch的文档id。但这是插入Elasticsearch的文档的外观:
正如您所看到的,document_id字段应该映射到customerId字段,但事实并非如此。文档将作为%{customerId}
如何解决此问题?感谢您的帮助告诉您该事件中不存在[customerId]字段。如果[message]字段是JSON,那么您应该添加一个JSON过滤器来解析它。这将创建[customerId]字段,然后可以将其用作文档id
json { source => "message" }
谢谢,你能帮我吗