In the output to the es can be specified fields, such as the default have message @ version @ timestamp path and other fields, for the message and the path with multiple filter processing to generate a hash types of fields, I hope the output only this hash type field
Official documentation can be set in the configuration of the codec, however, I set to (toElasticsearch hash generated after processing field for me)
The codec=& gt; Plain {
Format=& gt; "% {toElasticsearch}
"}
In kafka output using the same codec can see the output for a standard json format, illustrate the codec in the configuration of es didn't work, for es also is not very familiar with, is there any way to specify the output field, so is to configure the template or other?
Field a lot of, have more than 40, haven't tried the configuration template,
Elasticsearch {
The codec=& gt; Plain {
Format=& gt; "% {toElasticsearch}
"}
Hosts=& gt; [" 172.16.17.107 "]
The index=& gt; "Cmcc_viewlog_ % {+ yyyyMMdd}"
The document_type=& gt; "% {the document_type}
"Template_name=& gt; "Cmcc_viewlog
"The template=& gt; "/opt/fonsview/3 rd/logstash - 2.3.1/conf/cmcc_viewlog json"
Template_overwrite=& gt; True
}
In cmcc_viewlog. Only defines some generic template in json
CodePudding user response:
Meet the same problem, consult for adviceCodePudding user response:
I also want to put the "message", "agent. *", "cloud. *", "host. * these fields are not output, although _source can add filter conditions make these fields do not add to the _source, but I don't think these fields directly output to the es. Hope expert advice,