elasticsearchlogstashelastic-stacklogstash-configurationlogstash-file

_id value is populating with some random string in 8.9 v while cloning the data from 2.3 using logstatsh


logstatsh.conf

 input {
  elasticsearch {
    hosts => "XXXXXXXXX"
    index => "mon"
  }
}

output {
  elasticsearch {
    hosts => "XXXXXX"
    index => "mon"
    user => "XXXXX"
    password => "XXXXXX"


    }
}

_id is not getting its data while running the pipeline in Logstash. I want to have the same data of _id in 8.9

for eg: output 2.3 v has an _id value as "yyyy-mm-dd-hh-mi-ss-ms"

"hits" : [
      {
        "_index" : "mon",
        "_id" : "2017-10-23-16.41.22.548866",
        "_score" : 1.0,
        "_source" : {

output 8.9 v has an _id value as "AwedmdfkgkiAkfkls"

"hits" : [

      {
        "_index" : "mon",
        "_id" : "AwedmdfkgkiAkfkls",
        "_score" : 1.0,
        "_source" : {

Solution

  • By default elasticsearch input doesn't include document metadata such as type, index and id into the event. You need to enable it using docinfo flag and then specify where to get id in the elasticsearch output. See documentation for a detailed example.