Output: elastic

Send events to Elasticsearch server

Field Summary

| Field Name | Type | Description | Default |
|---|---|---|---|
| batch | integer or the 'document' | Maximum number of events in an output batch. If 'document', send on end of document | - |
| timeout | interval | Interval after which the batch is sent, to keep throughput going | 100ms |
| header | templated text | Put a header line before the batch | - |
| footer | templated text | Put a footer line after the last line of the batch | - |
| use-document-marker | bool | Enrich the pipe metadata with a document marker (for document handling in batch mode) | false |
| retry | Retry | For operations that could potentially fail | - |
| url | string | Elasticsearch server address to send events to | http://localhost:9200 |
| index | string | Index to send events to | - |
| document-id-value | string | The document ID for the document to be inserted into Elasticsearch (BULK API) | - |
| document-id-field | field | Specify a field that contains the document ID. | - |
| insecure | bool | Ignore TLS certificate validation errors (This is unsafe to use) | false |

Fields

batch

Type: integer or the 'document'

Maximum number of events in an output batch. If 'document', send on end of document

timeout

Type: interval

Default: 100ms

Interval after which the batch is sent, to keep throughput going

header

Type: templated text

Put a header line before the batch

footer

Type: templated text

Put a footer line after the last line of the batch

use-document-marker

Type: bool

Default: false

Enrich the pipe metadata with a document marker (for document handling in batch mode)

retry

Type: Retry

For operations that could potentially fail

| Field Name | Type | Description | Default |
|---|---|---|---|
| count | integer | How many attempts to make before declaring failure | - |
| pause | duration | How long to pause before re-trying | - |
| forever | bool | Keep trying until success is declared | false |

  count

Type: integer

How many attempts to make before declaring failure

Example

Pipe Language Snippet:

exec:
  command: echo 'one two'
  retry:
    count: 1

Output:

{"_raw":"one two"}

  pause

Type: duration

How long to pause before re-trying

Accepts human-friendly formats, like 1m (for 1 minute) and 4h (for 4 hours)

Example

Pipe Language Snippet:

exec:
  command: echo 'one two'
  retry:
    count: 6
    pause: 10s

Output:

{"_raw":"one two"}

  forever

Type: bool

Default: false

Keep trying until success is declared

Example

Pipe Language Snippet:

exec:
  command: echo 'one two'
  retry:
    forever: true

Output:

{"_raw":"one two"}

url

Type: string

Default: http://localhost:9200

Elasticsearch server address to send events to

Example

Pipe Language Snippet:

elastic:
  url: http://localhost:9200
  batch: 1
  index: name

index

Type: string

Index to send events to

This supports time template format

Example

Pipe Language Snippet:

elastic:
  index: 'some-index-%Y-%m-%d'
  batch: 1

document-id-value

Type: string

The document ID for the document to be inserted into Elasticsearch (BULK API)

Example

Pipe Language Snippet:

elastic:
  document-id-value: 'some-${id}'
  index: 'some-index-%Y-%m-%d'
  batch: 1

document-id-field

Type: field
Alias: document-id

Specify a field that contains the document ID.

Example

Pipe Language Snippet:

elastic:
  document-id-field: field_name
  index: 'some-index-%Y-%m-%d'
  batch: 1
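
The following is an added example, not code from this tool: it sketches what the index and document-id options mean at the Elasticsearch Bulk API level, and why a deterministic document ID keeps a re-sent batch from creating duplicate documents. The function names, the in-memory store, the sample events and the way the options are mapped onto the request are assumptions for illustration; only the NDJSON action/document layout is the Bulk API's own.

```python
import json
from datetime import datetime, timezone
from string import Template

# Constructed sample events (not from the page).
SAMPLE_EVENTS = [{"id": 7, "msg": "login failed"}, {"id": 8, "msg": "login ok"}]


def bulk_body(events, index_template, id_template=None, id_field=None, now=None):
    """Build an Elasticsearch Bulk API (NDJSON) body for one batch.

    Assumed mapping of the page's options: index_template takes strftime
    codes ('some-index-%Y-%m-%d'), id_template takes ${field} placeholders
    ('some-${id}'), id_field names the event field that holds the ID.
    """
    index = (now or datetime.now(timezone.utc)).strftime(index_template)
    lines = []
    for event in events:
        action = {"_index": index}
        if id_template is not None:
            # substitute() raises KeyError on a missing field instead of
            # silently giving several events the same ID.
            action["_id"] = Template(id_template).substitute(event)
        elif id_field is not None:
            action["_id"] = str(event[id_field])
        lines.append(json.dumps({"index": action}))
        lines.append(json.dumps(event))
    return "\n".join(lines) + "\n"  # the Bulk API requires a trailing newline


def apply_bulk(store, body):
    """In-memory stand-in for an index: an explicit _id overwrites, no _id appends."""
    rows = body.splitlines()
    for action_line, doc_line in zip(rows[0::2], rows[1::2]):
        meta = json.loads(action_line)["index"]
        doc_id = meta.get("_id", f"auto-{len(store)}")
        store[(meta["_index"], doc_id)] = json.loads(doc_line)
    return store


def documents_after_retry(**id_options):
    """Send the same batch twice (as a retry would) and count stored documents."""
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)  # constructed date
    body = bulk_body(SAMPLE_EVENTS, "some-index-%Y-%m-%d", now=now, **id_options)
    store = apply_bulk(apply_bulk({}, body), body)
    return len(store)


if __name__ == "__main__":
    print(documents_after_retry(id_template="some-${id}"))  # deterministic IDs
    print(documents_after_retry())  # server-generated IDs
```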

insecure

Type: bool

Default: false

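Ignore TLS certificate validation errors. This is unsafe to use: with validation disabled, the output cannot verify the identity of the Elasticsearch server it sends events to.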