Elasticsearch

Version: v4.25
Elasticsearch
ElasticSearch is a search and observability suite for unstructured data. Tenzir can send events to Elasticsearch.

When sending data to Elasticsearch, Tenzir uses the Bulk API and attempts to maximally batch events for throughput, accumulating multiple events before shipping them within a single API call. You can control batching behavior with the max_content_length and send_timeout options.
Advanced Details
For more details and possible configuration, see the documentation for the to_opensearch operator. When you use to with the elasticsearch:// URL scheme, the pipeline uses the to_opensearch operator under the hood.
Examples
Send events to an Elasticsearch index
from {event: "example"} to "elasticsearch://localhost:9200", action="create", index="main"
Replace localhost with the IP address of your Elasticsearch instance.
Selectively specify metadata and document
Instead of treating the entire event as document to be indexed by Elasticsearch, you can designate a nested record as document:
from {category: "qux", doc_id: "XXX", event: {foo: "bar"}} to "elasticsearch://localhost:9200", id=doc_id, doc=event, action="update", index=category
The above example updates the document with ID XXX with the contents from the nested field event.
Edit this page

Examples​

Send events to an Elasticsearch index​

Selectively specify metadata and document​

Examples

Send events to an Elasticsearch index

Selectively specify metadata and document