我尝试使用日志存储将数据从弹性搜索的索引移动到另一个索引。
并且,我希望从logstash索引转移到特定字段(世界)到测试索引。
所以,我创建了一个logstash配置文件。
这样的配置文件。
input {
elasticsearch {
hosts => "hostname"
index => "logstash-2017.03.17"
query => `{"fileds" : ["world"]}`
}
filter {
}
output {
elasticsearch {
hosts => "hostname"
index => "test-${+YYYY.MM.DD}"
action => "index"
}
}
但是,logstash不是由错误运行
A plugin had an unrecoverable error. Will restart this plugin.
Plugin: <LogStash::Inputs::Elasticsearch hosts=>["tales-gameelk"], index=>"logstash-2017.03.23", query=>"\"fields\" : [\"world\"]", codec=><LogStash::Codecs::JSON charset=>"UTF-8">, scan=>true, size=>1000, scroll=>"1m", docinfo=>false, docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"], ssl=>false>
Error: [400] {"error":{"root_cause":[{"type":"parse_exception","reason":"Failed to derive xcontent"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"init_scan","grouped":true,"failed_shards":[{"shard":0,"index":"logstash-2017.03.23","node":"5tE8NEF5T5uQbdrjb4yFiQ","reason":{"type":"parse_exception","reason":"Failed to derive xcontent"}}]},"status":400} {:level=>:error}
我该如何解决这个问题?
答案 0 :(得分:2)
您的elasticsearch输入格式不正确。试试这个:
input {
elasticsearch {
hosts => "hostname"
index => "logstash-2017.03.17"
query => '{"_source" : ["world"]}'
}
}