You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pipeline/outputs/elasticsearch.md
+19-1Lines changed: 19 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,6 +31,7 @@ The **es** output plugin, allows to ingest your records into an [Elasticsearch](
31
31
| Type | Type name |\_doc |
32
32
| Logstash\_Format | Enable Logstash format compatibility. This option takes a boolean value: True/False, On/Off | Off |
33
33
| Logstash\_Prefix | When Logstash\_Format is enabled, the Index name is composed using a prefix and the date, e.g: If Logstash\_Prefix is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'. The last string appended belongs to the date when the data is being generated. | logstash |
34
+
| Logstash\_Prefix\_Key | When included: the value of the key in the record will be evaluated as key reference and overrides Logstash\_Prefix for index generation. If the key/value is not found in the record then the Logstash\_Prefix option will act as a fallback. The parameter is expected to be a [record accessor](../../administration/configuring-fluent-bit/classic-mode/record-accessor). ||
34
35
| Logstash\_Prefix\_Separator | Set a separator between logstash_prefix and date.| - |
35
36
| Logstash\_DateFormat | Time format \(based on [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)\) to generate the second part of the Index name. | %Y.%m.%d |
36
37
| Time\_Key | When Logstash\_Format is enabled, each record will get a new timestamp field. The Time\_Key property defines the name of that field. |@timestamp|
@@ -45,7 +46,7 @@ The **es** output plugin, allows to ingest your records into an [Elasticsearch](
45
46
| Trace\_Output | Print all elasticsearch API request payloads to stdout \(for diag only\)| Off |
46
47
| Trace\_Error | If elasticsearch return an error, print the elasticsearch API request and response \(for diag only\)| Off |
47
48
| Current\_Time\_Index | Use current time for index generation instead of message record | Off |
48
-
| Logstash\_Prefix\_Key | When included: the value in the record that belongs to the key will be looked up and over-write the Logstash\_Prefix for index generation. If the key/value is not found in the record then the Logstash\_Prefix option will act as a fallback. Nested keys are not supported \(if desired, you can use the nest filter plugin to remove nesting\)||
49
+
49
50
| Suppress\_Type\_Name | When enabled, mapping types is removed and `Type` option is ignored. Types are deprecated in APIs in [v7.0](https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html). This options is for v7.0 or later. | Off |
50
51
| Workers | Enables dedicated thread(s) for this output. Default value is set since version 1.8.13. For previous versions is 0. | 2 |
51
52
@@ -237,3 +238,20 @@ Without this you will see errors like:
237
238
```text
238
239
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [_type]"}],"type":"illegal_argument_exception","reason":"Action/metadata line [1] contains an unknown parameter [_type]"},"status":400}
239
240
```
241
+
242
+
### Logstash_Prefix_Key
243
+
244
+
The following snippet demonstrates using the namespace name as extracted by the
245
+
`kubernetes` filter as logstash prefix:
246
+
247
+
```text
248
+
[OUTPUT]
249
+
Name es
250
+
Match *
251
+
# ...
252
+
Logstash_Prefix logstash
253
+
Logstash_Prefix_Key $kubernetes["namespace_name"]
254
+
# ...
255
+
```
256
+
257
+
For records that do nor have the field `kubernetes.namespace_name`, the default prefix, `logstash` will be used.
Copy file name to clipboardExpand all lines: pipeline/outputs/opensearch.md
+18-1Lines changed: 18 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,6 +28,7 @@ The following instructions assumes that you have a fully operational OpenSearch
28
28
| Type | Type name. This option is ignored if `Suppress_Type_Name` is enabled. |\_doc |
29
29
| Logstash\_Format | Enable Logstash format compatibility. This option takes a boolean value: True/False, On/Off | Off |
30
30
| Logstash\_Prefix | When Logstash\_Format is enabled, the Index name is composed using a prefix and the date, e.g: If Logstash\_Prefix is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'. The last string appended belongs to the date when the data is being generated. | logstash |
31
+
| Logstash\_Prefix\_Key | When included: the value of the key in the record will be evaluated as key reference and overrides Logstash\_Prefix for index generation. If the key/value is not found in the record then the Logstash\_Prefix option will act as a fallback. The parameter is expected to be a [record accessor](../../administration/configuring-fluent-bit/classic-mode/record-accessor). ||
31
32
| Logstash\_Prefix\_Separator | Set a separator between logstash_prefix and date. | - |
32
33
| Logstash\_DateFormat | Time format \(based on [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)\) to generate the second part of the Index name. | %Y.%m.%d |
33
34
| Time\_Key | When Logstash\_Format is enabled, each record will get a new timestamp field. The Time\_Key property defines the name of that field. |@timestamp|
@@ -42,7 +43,6 @@ The following instructions assumes that you have a fully operational OpenSearch
42
43
| Trace\_Output | When enabled print the OpenSearch API calls to stdout \(for diag only\)| Off |
43
44
| Trace\_Error | When enabled print the OpenSearch API calls to stdout when OpenSearch returns an error \(for diag only\)| Off |
44
45
| Current\_Time\_Index | Use current time for index generation instead of message record | Off |
45
-
| Logstash\_Prefix\_Key | When included: the value in the record that belongs to the key will be looked up and over-write the Logstash\_Prefix for index generation. If the key/value is not found in the record then the Logstash\_Prefix option will act as a fallback. Nested keys are not supported \(if desired, you can use the nest filter plugin to remove nesting\)||
46
46
| Suppress\_Type\_Name | When enabled, mapping types is removed and `Type` option is ignored. | Off |
47
47
| Workers | Enables dedicated thread(s) for this output. Default value is set since version 1.8.13. For previous versions is 0. | 2 |
48
48
| Compress | Set payload compression mechanism. The only available option is `gzip`. Default = "", which means no compression. ||
@@ -128,6 +128,23 @@ becomes
128
128
129
129
## FAQ
130
130
131
+
### Logstash_Prefix_Key
132
+
133
+
The following snippet demonstrates using the namespace name as extracted by the
134
+
`kubernetes` filter as logstash preifix:
135
+
136
+
```text
137
+
[OUTPUT]
138
+
Name opensearch
139
+
Match *
140
+
# ...
141
+
Logstash_Prefix logstash
142
+
Logstash_Prefix_Key $kubernetes["namespace_name"]
143
+
# ...
144
+
```
145
+
146
+
For records that do nor have the field `kubernetes.namespace_name`, the default prefix, `logstash` will be used.
147
+
131
148
### Fluent Bit + Amazon OpenSearch Service <aid="#aws-es"></a>
132
149
133
150
The Amazon OpenSearch Service adds an extra security layer where HTTP requests must be signed with AWS Sigv4. This plugin supports Amazon OpenSearch Service with IAM Authentication.
0 commit comments