Reputation: 3019
Update/delete existing log entry with logstash
Is there a way to tell logstash to remove/update some log entries from Elasticsearch? It seems that Logstash can index documents but I didn't find evidence that it can make update/delete operations.
If it is possible, we could imagine that we could "log" operations on Elasticsearch and use Logstash to output them in bulk in Elasticsearch. This way the programmer doesn't have to create a mechanism to make bulk operations on Elasticsearch.
Upvotes: 8
Views: 8671
Answers (1)
Reputation: 3019
Everything is in the docs.
To update an entry with Logstash, you need to provide the document id in document_id and the document will be replaced with the new content.
To delete a document with logstash, provide it's id in document_id and set the action field to "delete".
Upvotes: 5
Related Questions
- Update existing document of Elasticsearch and insert current record through logstash
- How to make Logstash replace old data?
- How in Logstash update index with new data?
- Re-setting Logstash state
- Update records in ElasticSearch
- logstash extract json field and overwrite index
- Logstash delete type and keep _type
- Logstash Update a document in elasticsearch
- Modify the content of a field using logstash
- Update fields of logstash index on ElasticSearch