elastic

Send events to Elasticsearch 5 server

| Field Name | Description | Type | Default |
| --- | --- | --- | --- |
| url | Elasticsearch server address to send events to | string | http://localhost:9200 |
| timeout | Ensure that Elasticsearch continuously receives data, even when the batch count is not reached | duration | 100ms |
| batch | Number of events to send at a time | integer | - |
| index | Index to send events to | string | - |
| document-id-value | | string | - |
| document-id-field | | field | - |
| retry | For operations that could potentially fail | - | - |
| batch-out | Some outputs support batching the output events, by maximum size, timeout, or end of document | - | - |

url

Elasticsearch server address to send events to

Type: string

Example

action:

elastic:
  url: http://localhost:9200
  batch: 1
  index: name

timeout

Ensure that Elasticsearch continuously receives data, even when the batch count is not reached

Type: duration

Example

action:

elastic:
  timeout: 1s
  batch: 100
  index: name

batch

Number of events to send at a time

If timeout is exceeded, we send the events anyway, even if the batch count is not reached.

Type: integer

Example

action:

elastic:
  batch: 100
  index: name

index

Index to send events to

This supports the time template format

Type: string

Example

action:

elastic:
  index: 'some-index-%Y-%m-%d'
  batch: 1
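
How batch, timeout and a time-templated index interact, as an added example that is not code from this project. It models the rule stated above (send when batch events are buffered, or when timeout is exceeded) and assumes that the timeout clock starts at the first buffered event and that the index template is expanded with the send time; the function name plan_batches and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def plan_batches(events, batch, timeout, index_template):
    """Model of the flush rule: send when `batch` events are buffered, or when
    `timeout` has passed since the first buffered event (assumption).
    `events` is a list of (arrival_time, doc) sorted by arrival time.
    Returns a list of (send_time, index_name, docs)."""
    sent, pending, started = [], [], None

    def flush(at):
        nonlocal pending, started
        # Assumption: the time template is expanded with the send time.
        sent.append((at, at.strftime(index_template), pending))
        pending, started = [], None

    for arrived, doc in events:
        # A partial batch that has waited for `timeout` goes out first.
        if pending and arrived - started >= timeout:
            flush(started + timeout)
        if not pending:
            started = arrived
        pending.append(doc)
        # A full batch goes out immediately.
        if len(pending) == batch:
            flush(arrived)
    if pending:
        # End of input: the remainder is sent when its timeout expires.
        flush(started + timeout)
    return sent

# Constructed sample: six events around midnight UTC, offsets in milliseconds.
T0 = datetime(2024, 1, 31, 23, 59, 58, tzinfo=timezone.utc)
SAMPLE_EVENTS = [(T0 + timedelta(milliseconds=ms), {"id": n})
                 for n, ms in enumerate([0, 100, 200, 500, 1200, 3000])]

if __name__ == "__main__":
    plan = plan_batches(SAMPLE_EVENTS, 3, timedelta(seconds=1),
                        "some-index-%Y-%m-%d")
    for at, index, docs in plan:
        print(at.isoformat(), index, [d["id"] for d in docs])
```

With batch 3 and timeout 1s, the sample yields one full batch, one partial batch sent on timeout, and a final batch that lands in the next day's index.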

document-id-value

???

Type: string

Example

action:

elastic:
  document-id-value: 'some-${id}'
  index: 'some-index-%Y-%m-%d'
  batch: 1

document-id-field

???

Type: field

Example

action:

elastic:
  document-id-field: field_name
  index: 'some-index-%Y-%m-%d'
  batch: 1

retry

For operations that could potentially fail

| Field Name | Description | Type | Default |
| --- | --- | --- | --- |
| count | How many attempts to make before declaring failure | integer | - |
| pause | How long to pause before retrying | duration | - |
| forever | Keep trying until success is declared | bool | false |

count

How many attempts to make before declaring failure

Type: integer

Example

action:

exec:
  command: echo 'one two'
  retry:
    count: 1

output:

{"_raw":"one two"}

pause

How long to pause before retrying

Accepts human-friendly formats, like 1m (for 1 minute) and 4h (for 4 hours)

Type: duration

Example

action:

exec:
  command: echo 'one two'
  retry:
    count: 6
    pause: 10s

output:

{"_raw":"one two"}

forever

Keep trying until success is declared

Accepts human-friendly formats, like 1m (for 1 minute) and 4h (for 4 hours)

Type: bool

Example

action:

exec:
  command: echo 'one two'
  retry:
    forever: true

output:

{"_raw":"one two"}

batch-out

Some outputs support batching the output events, by maximum size, timeout, or end of document

| Field Name | Description | Type | Default |
| --- | --- | --- | --- |
| batch | Maximum number of events in an output batch. If 'document', send on end of document | - | - |
| timeout | Interval after which the batch is sent, to keep throughput going | - | 100ms |
| header | Put a header line before the batch | - | - |
| footer | Put a footer line after the last line of the batch | - | - |

batch

Maximum number of events in an output batch. If 'document', send on end of document

timeout

Interval after which the batch is sent, to keep throughput going

header

Put a header line before the batch

footer

Put a footer line after the last line of the batch