Testing 2 different index mapping in Elastic

Index or data stream: Enter a JavaScript expression that evaluates to the name of the Elastic data stream or Elastic index where you want events to go. The expression is evaluated for each event; can evaluate to a constant value; and must be enclosed in quotes or backticks. An event's `__index` field can overwrite the index or data stream name.

https://docs.cribl.io/stream/destinations-elastic/#general-settings

Is that what you are doing?

I want to send to a data stream and a time series data stream.

Ah

duplicate the data on the output

Clone function first and modify the clone event to a different index, then use an Output Router based on __index to go to two different destinations.

https://docs.cribl.io/stream/destinations-output-router/#

Let me try this. Sounds promising!

Excellent. This works!

Noice!

Output router is amazing!

I configured 2 output index but I'm getting 3 documents for each interval

0

Does it need to be final on both?

The duplicated documents is on the bottom one.

No, you have it correct

You can also use the filters

I believe it worked fine at first, then it started writing 3 times instead of 2.

true is everything to both places

index1 == xyz goes to dest 1 FINALindex2 == abc goes to dest 2 FINAL

Do I need to change something?

I DM'd you