Enrich your Elasticsearch documents with Logstash

input {
# Read all documents from Elasticsearch
elasticsearch {
hosts => ["${ELASTICSEARCH_URL}"]
user => "elastic"
password => "${ELASTIC_PASSWORD}"
index => "kibana_sample_data_logs"
docinfo => true
ecs_compatibility => "disabled"
}
}
filter {
# Enrich every document with Elasticsearch
elasticsearch {
hosts => ["${ELASTICSEARCH_URL}"]
user => "elastic"
password => "${ELASTIC_PASSWORD}"
index => "vip"
query => "ip:%{[clientip]}"
sort => "ip:desc"
fields => {
"[name]" => "[name]"
"[vip]" => "[vip]"
}
}
mutate {
remove_field => ["@version", "@timestamp"]
}
}
output {
if …

disabled document documents elastic elasticsearch filter input logstash password query