Test logstash with elasticsearch as input and output

I have configured logstash with Elasticsearch as input and output parameters as below:


    input {
      elasticsearch {
        hosts => ["hostname"]
        index => 'indexname'
        type => 'type'
        user => 'username'
        password => 'password'
        docinfo => true
        query => '{ "query": { "match": { "first_name": "mary" } }}'
      }
    }

    output {
      elasticsearch {
        hosts => ["hostname"]
        index => 'indexname'
        user => 'username'
        password => 'password'
      }
    }

My indexed data is as below:

    PUT person/person/3
    { "first_name" : "mary" }
    PUT person/person/4
    { "first_name" : "mary.m" }
    PUT person/person/5
    { "first_name" : "mary.k" }

When I run the below query on ES

    GET indexname/_search
    {
      "query": {
        "match": {
          "first_name": "mary"
        }
      }
    }

it returns

    {
      "took": 1,
      "timed_out": false,
      "_shards": {
        "total": 5,
        "successful": 5,
        "failed": 0
      },
      "hits": {
        "total": 1,
        "max_score": 0.2876821,
        "hits": [
          {
            "_index": "person",
            "_type": "person",
            "_id": "3",
            "_score": 0.2876821,
            "_source": {
              "first_name": "mary"
            }
          }
        ]
      }
    }

Although the logstash pipeline has started successfully, it does not log this query in ES, as I had used the query "match": { "first_name": "mary"} in the input section.


  • Since your ES runs on HTTPS, you need to add ssl => true to your elasticsearch input configuration

    input {
       elasticsearch {
          hosts => ["hostname"]
          index => 'indexname'
          type => 'type'
          user => 'username'
          password => 'password'
          docinfo => true
          ssl => true                                 # <--- add this
          query => '{ "query": { "match": { "first_name": "mary" } }}'
       }
    }
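
A complete test pipeline built around the `ssl => true` fix, as an added example that is not part of the original question or answer: it enables TLS on both plugins, prints each event to stdout so the input query can be checked, and reuses the `docinfo` metadata to keep document ids. Assumptions: the target index `indexname-copy`, the CA path and the `ES_USER`/`ES_PWD` variables are placeholders, and the TLS option names (`ca_file`, `cacert`) and the `[@metadata]` docinfo target are those of the older, pre-ECS plugin versions that match the typed indices shown in the question.

```logstash
# Added example; hostname, index names, CA path and ES_USER/ES_PWD are placeholders.
input {
  elasticsearch {
    hosts    => ["hostname"]
    index    => "indexname"
    user     => "${ES_USER}"         # resolved from the environment or the Logstash keystore
    password => "${ES_PWD}"          # keeps the credential out of the config file
    ssl      => true                 # the cluster answers on HTTPS
    ca_file  => "/path/to/ca.pem"    # CA used to verify the cluster certificate
    docinfo  => true                 # copies _index, _type and _id into [@metadata] (assumed legacy target)
    query    => '{ "query": { "match": { "first_name": "mary" } } }'
  }
}

output {
  # Print every event, including [@metadata], to confirm the input query returned hits.
  stdout { codec => rubydebug { metadata => true } }

  elasticsearch {
    hosts       => ["hostname"]
    index       => "indexname-copy"          # separate target index (placeholder)
    document_id => "%{[@metadata][_id]}"     # keep the source document id from docinfo
    user        => "${ES_USER}"
    password    => "${ES_PWD}"
    ssl         => true
    cacert      => "/path/to/ca.pem"
  }
}
```

If stdout shows no events, the problem is on the input side (connection, TLS or query) rather than in the output block.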