logstatsh.conf
input {
elasticsearch {
hosts => "XXXXXXXXX"
index => "mon"
}
}
output {
elasticsearch {
hosts => "XXXXXX"
index => "mon"
user => "XXXXX"
password => "XXXXXX"
}
}
_id
is not getting its data while running the pipeline in Logstash. I want to have the same data of _id in 8.9
for eg:
output 2.3 v has an _id
value as "yyyy-mm-dd-hh-mi-ss-ms"
"hits" : [
{
"_index" : "mon",
"_id" : "2017-10-23-16.41.22.548866",
"_score" : 1.0,
"_source" : {
output 8.9 v has an _id value as "AwedmdfkgkiAkfkls"
"hits" : [
{
"_index" : "mon",
"_id" : "AwedmdfkgkiAkfkls",
"_score" : 1.0,
"_source" : {
By default elasticsearch input doesn't include document metadata such as type, index and id into the event. You need to enable it using docinfo
flag and then specify where to get id in the elasticsearch output. See documentation for a detailed example.