yalp.outputs.elasticsearch
The elasticsearch outputer sends events to an elasticsearch index.
Warning
This requires the pyelasticsearch package to be installed.
This outputer supports the following configuration items:
- uri
  The elasticsearch connection uri, formatted as http[s]://[user:password@]<host>[:port]/[path]. Can also be a list of connection uris. Defaults to http://localhost:9200/.
- index
  The name of the index in which to store the documents. Defaults to yalp-%Y.%m.%d. The index can contain a date format string for a dynamic index.
- doc_type
  The document name. Defaults to logs.
- time_based
  Whether the index is time based. This requires that the index name contains a date format string and that the event contains a valid time stamp. Defaults to True.
- time_stamp_fmt
  The date format of the time stamp in the event. Not used if the time_stamp field is a datetime. Defaults to %Y-%m-%dT%H:%M:%S.
- manage_template
  Allow yalp to manage the elasticsearch index template. Defaults to True.
- template_name
  The name of the index template to create. Defaults to yalp.
- template_overwrite
  Allow yalp to write over any existing template. Defaults to False.
- buffer_size
  The outputer will buffer this many events before sending them all to elasticsearch via a bulk insert. Defaults to 500.
- type
  A type filter. Only output events of this type.
Example configuration:

    outputs:
      - elasticsearch:
          uri: 'http://localhost:9200/'
          index: "yalp-%Y.%m.%d"
          doc_type: logs
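
Because the uri option accepts an optional user:password@ part and defaults to plain http, a configuration check before deployment is useful. The following is an added example, not part of yalp: the function names, the message strings and the sample uris are assumptions made for illustration. It flags connection uris that would send credentials over unencrypted http and redacts passwords so findings can be logged safely.

```python
from urllib.parse import urlsplit, urlunsplit


def redact(uri):
    """Return the uri with any password replaced, so it is safe to log."""
    parts = urlsplit(uri)
    if parts.password is None:
        return uri
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = "[%s]" % host
    if parts.port is not None:
        host = "%s:%d" % (host, parts.port)
    netloc = "%s:***@%s" % (parts.username or "", host)
    return urlunsplit((parts.scheme, netloc, parts.path,
                       parts.query, parts.fragment))


def audit_uris(uri):
    """Check the `uri` setting, given as one string or a list of strings.

    Returns a list of (redacted_uri, message) findings; empty means clean.
    """
    uris = [uri] if isinstance(uri, str) else list(uri)
    findings = []
    for item in uris:
        parts = urlsplit(item)
        shown = redact(item)
        if parts.scheme not in ("http", "https"):
            findings.append((shown, "scheme is not http or https"))
        elif parts.username is not None and parts.scheme == "http":
            # Basic-auth credentials in an http:// uri cross the network
            # unencrypted on every bulk insert.
            findings.append((shown, "credentials are sent over plaintext http"))
    return findings


# Constructed sample values, not taken from any real deployment.
SAMPLE_URIS = [
    "http://localhost:9200/",
    "http://yalp:s3cret@es1.example.internal:9200/",
    "https://yalp:s3cret@es2.example.internal:9200/",
]

if __name__ == "__main__":
    for shown, message in audit_uris(SAMPLE_URIS):
        print("%s: %s" % (shown, message))
```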