Version: 3.4.0

elastic

Send events to Elasticsearch server

| Field Name | Description | Type | Default |
|---|---|---|---|
| batch | Maximum number of events in an output batch. If 'document', send at the end of the document | integer or 'document' | - |
| timeout | Interval after which the batch is sent, to keep throughput going | interval | 100ms |
| header | Put a header line before the batch | templated text | - |
| footer | Put a footer line after the last line of the batch | templated text | - |
| use-document-marker | Enrich the pipe metadata with a document marker (for document handling in batch mode) | bool | false |
| retry | For operations that could potentially fail | Retry | - |
| url | Elasticsearch server address to send events to | string | http://localhost:9200 |
| index | Index to send events to | string | - |
| document-id-value | The document ID for the document to be inserted into Elasticsearch (BULK API) | string | - |
| document-id-field | Specify a field that contains the document ID. | field | - |
| insecure | Ignore TLS certificate validation errors (This is unsafe to use) | bool | false |

batch

Maximum number of events in an output batch. If 'document', send at the end of the document

Type: integer or 'document'

timeout

Interval after which the batch is sent, to keep throughput going

Type: interval

header

Put a header line before the batch

Type: templated text

footer

Put a footer line after the last line of the batch

Type: templated text

use-document-marker

Enrich the pipe metadata with a document marker (for document handling in batch mode)

Type: bool

retry

For operations that could potentially fail

Type: Retry

| Field Name | Description | Type | Default |
|---|---|---|---|
| count | How many attempts to make before declaring failure | integer | - |
| pause | How long to pause before retrying | duration | - |
| forever | Keep trying until success is declared | bool | false |

count

How many attempts to make before declaring failure

Type: integer

Example

action:

    exec:
      command: echo 'one two'
      retry:
        count: 1

output:

    {"_raw":"one two"}

pause

How long to pause before retrying

Accepts human-friendly formats, like 1m (for 1 minute) and 4h (for 4 hours)

Type: duration

Example

action:

    exec:
      command: echo 'one two'
      retry:
        count: 6
        pause: 10s

output:

    {"_raw":"one two"}

forever

Keep trying until success is declared

Accepts human-friendly formats, like 1m (for 1 minute) and 4h (for 4 hours)

Type: bool

Example

action:

    exec:
      command: echo 'one two'
      retry:
        forever: true

output:

    {"_raw":"one two"}

url

Elasticsearch server address to send events to

Type: string

Example

action:

    elastic:
      url: http://localhost:9200
      batch: 1
      index: name

index

Index to send events to

This supports time template format

Type: string

Example

action:

    elastic:
      index: 'some-index-%Y-%m-%d'
      batch: 1

document-id-value

The document ID for the document to be inserted into Elasticsearch (BULK API)

Type: string

Example

action:

    elastic:
      document-id-value: 'some-${id}'
      index: 'some-index-%Y-%m-%d'
      batch: 1

document-id-field

Specify a field that contains the document ID.

Type: field

Example

action:

    elastic:
      document-id-field: field_name
      index: 'some-index-%Y-%m-%d'
      batch: 1

insecure

Ignore TLS certificate validation errors (This is unsafe to use)

Type: bool
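
A review check for the `url` and `insecure` settings, written as an added example (it is not part of the tool or of this documentation): it takes actions already parsed from YAML and reports disabled certificate validation or events leaving the host over plaintext `http`. Assumptions: each action is a single-key mapping shaped like the examples on this page, the function names are hypothetical, and the sample host names are constructed.

```python
"""Audit `elastic` action settings for weak transport security (added example)."""
from urllib.parse import urlparse

DEFAULT_URL = "http://localhost:9200"   # default taken from the field table on this page
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_elastic(cfg):
    """Return a list of findings for one parsed `elastic:` mapping."""
    findings = []
    url = urlparse(str(cfg.get("url", DEFAULT_URL)))
    host = (url.hostname or "").lower()
    # A YAML loader normally yields a bool; also accept quoted values.
    insecure = str(cfg.get("insecure", False)).strip().lower() in ("true", "yes", "1")

    if url.scheme not in ("http", "https"):
        findings.append(f"URL scheme is not http or https: {url.scheme!r}")
    if url.scheme == "http" and host not in LOOPBACK:
        findings.append(f"events sent to {host} over plaintext http")
    if insecure and url.scheme == "https":
        findings.append(f"insecure: true disables certificate validation for {host}")
    if insecure and url.scheme == "http":
        findings.append("insecure: true set on an http URL (no TLS in use); remove it")
    return findings


def audit_actions(actions):
    """Audit a list of single-key action mappings; returns {position: findings}."""
    report = {}
    for i, action in enumerate(actions):
        cfg = action.get("elastic")
        if isinstance(cfg, dict):
            found = audit_elastic(cfg)
            if found:
                report[i] = found
    return report


# Constructed sample: what a YAML loader would return for three actions.
SAMPLE = [
    {"elastic": {"url": "https://es.example.internal:9200",
                 "index": "logs-%Y-%m-%d", "insecure": True}},
    {"elastic": {"url": "http://es.example.internal:9200", "index": "logs", "batch": 1}},
    {"elastic": {"index": "local-test", "batch": 1}},   # default url, loopback only
]

if __name__ == "__main__":
    for idx, items in audit_actions(SAMPLE).items():
        for item in items:
            print(f"action[{idx}]: {item}")
```

The loopback exemption is a policy choice made for this example; tighten it if events must be encrypted even on the local host.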