I am a little confused with various options in Update API. Here is a gist of what I understand:
- Scripted updates
payload: a "script"
result: update the doc using script. fail if doc doesn't exist - Update with a partial doc
payload: a "doc"
result: merge "doc" payload into existing doc. Fail if there is no existing doc - Upserts
payload: a "script" and a "upsert"
result: if no existing doc, create a doc with "upsert" content. Else, update the doc using "script" - Scripted Upsert
payload: a "script" only (I assumed "upsert" payload doesn't make sense here)
result: similar to regular upsert but use "script" for both insert and update. - doc_as_upsert
payload: a "doc" only
result: merge "doc" payload into existing doc. Create one if there is no existing doc
Did I understand them right? If yes, I am having some dilemma choosing the right options in Logstash elasticsearch plugin. My scenario is this,
- insert logstash event as a new doc if none exists
- use script to update an existing doc if one exists
I don't understand why elasticsearch update API has to define a special payload named "upsert". Isn't it simpler to interpret "doc" payload depending on context. Now, the trouble with special "upsert" payload is in Logstash elasticsearch plugin, "upsert" option accepts a string. How can I marshall the entire event into a single string?
Thanks in advance. 