Prepends ElasticSearch BulkAPI index JSON to a message payload.
Config:
String to use as the _index key’s value in the generated JSON. Supports field interpolation as described below.
String to use as the _type key’s value in the generated JSON. Supports field interpolation as described below.
String to use as the _id key’s value in the generated JSON. Supports field interpolation as described below.
If true, then any time interpolation (often used to generate the ElasticSeach index) will use the timestamp from the processed message rather than the system time.
Field interpolation:
Data from the current message can be interpolated into any of the string arguments listed above. A %{} enclosed field name will be replaced by the field value from the current message. Supported default field names are “Type”, “Hostname”, “Pid”, “UUID”, “Logger”, “EnvVersion”, and “Severity”. Any other values will be checked against the defined dynamic message fields. If no field matches, then a C strftime (on non-Windows platforms) or C89 strftime (on Windows) time substitution will be attempted.
Example Heka Configuration
[es_payload]
type = "SandboxEncoder"
filename = "lua_encoders/es_payload.lua"
[es_payload.config]
es_index_from_timestamp = true
index = "%{Logger}-%{%Y.%m.%d}"
type_name = "%{Type}-%{Hostname}"
[ElasticSearchOutput]
message_matcher = "Type == 'mytype'"
encoder = "es_payload"
Example Output
{"index":{"_index":"mylogger-2014.06.05","_type":"mytype-host.domain.com"}}
{"json":"data","extracted":"from","message":"payload"}