0

I would like to import some data from index e.g. "logstash-2016-07-01" to new index.

So I created new index using: curl -XPUT 'hostname:port/anomaly/'

Next I searched data what I need using this query: curl 'hostname:port/logstash-2016.07*/_search?pretty' -d @/tmp/query > /tmp/json.data

/tmp/query {"size":500,"sort":[{"@timestamp":{"order":"desc","unmapped_type":"boolean"}}],"query":{"filtered":{"query":{"query_string":{"analyze_wildcard":true,"query":"*:*"}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"gte":1468965600000,"lte":1469138400000}}}],"must_not":[]}}}}}

I obtained correct data in json format. And I would like import these data to new index "anomaly". So I tried this:

curl -XPUT hostname:port/_bulk --data-binary @/tmp/json.data

{"error":"JsonParseException[Unexpected end-of-input: expected close marker for OBJECT (from [Source: [B@10e3753c; line: 1, column: 0])\n at [Source: [B@10e3753c; line: 1, column: 3]]","status":500}

Any ideas how to import /tmp/json.data to index 'anomaly'?

Vasek
  • 11
  • 5
  • 4
    maybe this will help: http://stackoverflow.com/questions/23798433/json-bulk-import-to-elasticstearch – adityasinghraghav Jul 26 '16 at 14:59
  • You should checkout bulk api usage: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html – alpert Jul 26 '16 at 19:42
  • Thank you guys for quick response. Your recommended links helped me. Thank you! – Vasek Jul 27 '16 at 10:58
  • Thank you for your advice Adityasinghraghav and Alpert. It is necessary to pay attention to the correct format when importing. http://stackoverflow.com/questions/23798433/json-bulk-import-to-elasticstearch – Vasek Jul 27 '16 at 11:02

0 Answers0