本文介绍了使用logstash在弹性搜索中将两个索引合并为第三个索引的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有两个索引
- EMPLOYEE_DATA
{"code":1, "name":xyz, "city":"Mumbai" } - TRANSACTION_DATA
{"code":1, "Month":June", payment:78000 }
我想要像这样的第三个索引3)JOIN_INDEX
{"code":1, "name":xyz, "city":"Mumbai", "Month":June", payment:78000 }怎么可能??
我正在尝试logstash
input {
elasticsearch {
hosts => "localost"
index => "employees_data,transaction_data"
query => '{ "query": { "match": { "code": 1} } }'
scroll => "5m"
docinfo => true
}
}
output {
ElasticSearch{主机=>;[";localhost";]
index => "join1"
}
}
推荐答案
您可以对Employees_Data
使用ElasticSearch输入在您的筛选器中,使用TRANSACTION_DATA上的弹性搜索过滤
input {
elasticsearch {
hosts => "localost"
index => "employees_data"
query => '{ "query": { "match_all": { } } }'
sort => "code:desc"
scroll => "5m"
docinfo => true
}
}
filter {
elasticsearch {
hosts => "localhost"
index => "transaction_data"
query => "(code:"%{[code]}"
fields => {
"Month" => "Month",
"payment" => "payment"
}
}
}
output {
elasticsearch {
hosts => ["localhost"]
index => "join1"
}
}
并使用ElasticSearch输出将新文档发送到第三个索引
您将拥有3个弹性搜索连接,搜索结果可能会有点慢。但它起作用了。这篇关于使用logstash在弹性搜索中将两个索引合并为第三个索引的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!