I highly recommend that you use the HTTP output. Works great, is immune to
the ES version, and there are no performance issues that I've seen. It Just
Works.
For example, here's my sample logstash configuration's output settings:

    output {
      # Uncomment for testing only:
      # stdout { codec => rubydebug }

      # Elasticsearch
      elasticsearch {
        # Specify http (with or without quotes around http) to direct the
        # output as JSON documents via the Elasticsearch HTTP REST API
        protocol => "http"
        codec => json
        manage_template => false

        # Or whatever target ES host is required
        host => "localhost"

        # Or whatever _type is desired:
        index_type => "sample"
      }
    }

As you can probably surmise, I have my own default index creation template
so there's no need to splatter it all over creation; logstash runs better
on the host on which it's gathering the log files and I vastly prefer one
central index template than keeping a bazillion logstash configurations in
perfect sync. And if we happen to replace logstash with something else, then I
still have my index creation templates.
Hope this helps!
Brian