Conditionally add a new field to existing data in elastic search

feb · August 2, 2019, 6:24am

Hello there. New to Elastic Search. Kindly suggest a solution to add a new field conditionally to my document

current data in ElasticSearch

"_index": "test",
"_type": "logs",
"_id": "AWDgIKFCvg3odC71dRbc",
"_score": 0.09685399,
"_source": {
"HighTH": 120000,
"@timestamp": "2018-01-10T12:52:02.684Z",
"Cust": 16926,
"areaCode": 123
"application": "myapps",
"@version": "1",
"host": "localhost",
"Run_date": "2018-01-03T16:00:00.000Z",
"LowTH": 10000,
"message": "04-JAN-2018,MN,16926,206472,15785,120000,10000",
"Trans": 206472,
"Cntry_code": "NO",
"Trans_GPS": 15785
}

i need to add a field "gpsStrength": 209845 into data only if "Cust" = 16926 and "areaCode" = 123.

the required result need to be

"_index": "test",
"_type": "logs",
"_id": "AWDgIKFCvg3odC71dRbc",
"_score": 0.09685399,
"_source": {
  "HighTH": 120000,
  "@timestamp": "2018-01-10T12:52:02.684Z",
  "Cust": 16926,
  "areaCode": 123
  "application": "myapps",
  "@version": "1",
  "host": "localhost",
  "Run_date": "2018-01-03T16:00:00.000Z",
  "LowTH": 10000,
  "message": "04-JAN-2018,MN,16926,206472,15785,120000,10000",
  "Trans": 206472,
  "Cntry_code": "NO",
  "Trans_GPS": 15785,
  "gpsStrength": 209845
}

I tried using index type and id which is updating tha data

POST test/logs/AWDgIKFCvg3odC71dRbc/_update?pretty { "doc": { "gpsStrength" : "209845" }

but required query based on _source values

kindly note that i used dynamic mapping

spinscale · August 2, 2019, 8:10am

check out the update by query API allowing you to only update documents that match a query condition.

feb · August 5, 2019, 4:56am

Thanks for the reply

I tried this. Working fine . Thanks

POST URL : test/_update_by_query?conflicts=proceed

Query : { "script": { "inline": "ctx._source.gpsStrength= 209845", "lang": "painless" }, "query": { "bool": { "filter": [ { "term": { "Cust": 16926 }}, { "term": { "areaCode": "123"}} ] } } }

Is there any way to do this update in bulk ? In my case "gpsStrength" field depends upon "Cust" and "areaCode"

spinscale · August 5, 2019, 9:41am

you could extend your query to match more documents and then decide in the script which gpsStrength to set.

--Alex

feb · August 6, 2019, 6:10am

Hi Alex,

I got your point, i tried and is right

But my current scenario is , i have more than million data. I can query with with only a unique field called "customerId". For each "customerId" i need to add a unique value field "customerPhoneNumber". If i use update by query i need to hit elastic search a million times.

Is Batch Processing a solution for this..?

spinscale · August 6, 2019, 8:37am

you can use the bulk API in combination with an update script. this requires you to know the ID of the document upfront. If that works for you, using the bulk API is the way to go

feb · August 6, 2019, 10:05am

Thanks a lot..will work out with this

system · September 3, 2019, 10:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.