How do I tell Elasticsearch to get the column names from the first line of a file?


I just started using Elasticsearch/logstash.

I have 3 different files with a common id. Each file contains the column names on the first line, for example:


How can I tell Elasticsearch to get the first line as column names?

Also, how can I do some research in Elastic using the common id between the files, for example q:column=data group by id?

you can add the below mentioned code in the .confgig file . You have to explicitly mention the column names in the config file .

filter {
csv {
    columns =

Looks like you have csv data. Logstash provides a csv filter, but it doesn't handle header rows.

There is a new csv codec, but it's listed as not ready for production.

