_id value is populating with some random string in 8.9 v while cloning the data from 2.3 using logstatsh

Question

logstatsh.conf

 input {
  elasticsearch {
    hosts => "XXXXXXXXX"
    index => "mon"
  }
}

output {
  elasticsearch {
    hosts => "XXXXXX"
    index => "mon"
    user => "XXXXX"
    password => "XXXXXX"


    }
}

_id is not getting its data while running the pipeline in Logstash. I want to have the same data of _id in 8.9

for eg: output 2.3 v has an _id value as "yyyy-mm-dd-hh-mi-ss-ms"

"hits" : [
      {
        "_index" : "mon",
        "_id" : "2017-10-23-16.41.22.548866",
        "_score" : 1.0,
        "_source" : {

output 8.9 v has an _id value as "AwedmdfkgkiAkfkls"

"hits" : [

      {
        "_index" : "mon",
        "_id" : "AwedmdfkgkiAkfkls",
        "_score" : 1.0,
        "_source" : {

Answer 1

By default elasticsearch input doesn't include document metadata such as type, index and id into the event. You need to enable it using docinfo flag and then specify where to get id in the elasticsearch output. See documentation for a detailed example.

Answer 2

Worked with below in the input, section added

docinfo => true
    docinfo_target => "[@metadata][doc]"

and in the output section added

document_id => "%{[@metadata][doc][_id]}"