user223321
Reputation: 153
How to filter out records based on one param from one index in logstash
input{
elasticsearch{
hosts=>["localhost"]
index=>"sample_index"
query=>'{"query":{"match_all":{}}}'
scroll=>"5m"
docinfo=>true
}
}filter{
elasticsearch{
hosts=>["localhost"]
index=>"sample_index"
query=>"NOT(city:delhi)"
sort=>"code:asc"
result_size=>5
fields=>{
"code"=>"Code"
"name"=>"Name"
"city"=>"City"
"salary"=>"Salary"
}
}
}
output{
elasticsearch{
hosts=>["localhost"]
index=>"filter_sample_index4"
}
}
This is the way i am doing. Can anyone figure it out where i am doing wrong
Supppose i have records { "sample_index":{ "name":"ABC", "salary":56000, "city":"mumbai" }, { "name":"XYZ", "salary":54400, "city":"DEHI" }, { "name":"QWERTY", "salary":65000, "city":"Delhi" }, { "name":"JACK", "salary":26000, "city":"mumbai" } }
What i want is this based on city filter out the index `{ "filter_index":{ "name":"ABC", "salary":56000, "city":"mumbai" },
{
"name":"JACK",
"salary":26000,
"city":"mumbai"
}
}`
Upvotes: 0
Views: 120
Answers (1)
Val
Reputation: 217274
Since the query parameter uses the query_string query syntax, you can simply invert the query like this:
query => "NOT(city:mumbai)"
Upvotes: 1
Related Questions
- Logstash content based filtering, into multiple indexs
- Filtering logstash input
- Drop log messages containing a specific string
- using elasticsearch filter in logstash pipeline
- (logstash) Index only specific data in elasticsearch from kafka input
- Logstash: query parameter lower than a value through elasticsearch plugin
- Configuring Logstash to only include certain fields
- Filter Queries For Elasticsearch from Logstash
- Logstash Filter on Specific Values
- Delete records of a certain type from logstash/elasticsearch