Conditional update to the document

Dan_Markhasin · June 3, 2017, 4:09pm

It's something along the lines of the following:

filter {
  ruby {
    code => 'field_name = "update_script"
             condCol = event.get("condCol")
             arr = []
             script = "if (ctx._source.#{condCol} > params.event.get(\"#{condCol}\")) { ctx.op = \"none\" } else {<update>}"
             event.to_hash.each do |key,value|
              next if key.start_with?("@")
              arr.push("ctx._source.#{key} = params.event.get(\"#{key}\")")
             end
             updates = arr.join(";")
             script.sub!("<update>",updates)
             event.set(field_name,script)'
    }
}

And then in the elasticsearch output plugin:

script => "%{update_script}"

This assumes there is a "condCol" field in the input that describes which field should be used for the condition.
Also, this assumes the data is flat (or that you don't care about nesting) - there is no deep merge going on here, top level values get fully overwritten.

Topic		Replies	Views
Upsert Document on the basis of datetime format Elasticsearch	1	358	September 2, 2020
How to do conditional update and insert in ElasticSearch 6.1? Elasticsearch	1	955	July 30, 2018
Update API Conditional Delete Elasticsearch	3	332	July 6, 2017
Update(upsert) with query support Elasticsearch	6	2353	July 6, 2018
Python Elasticsearch Bulk Conditional Upsert Elasticsearch	1	6832	February 10, 2017

Conditional update to the document

Related topics