Copy Field from a new processed document to an old Document

Tensoue · October 4, 2020, 11:42am

Hi all,
I am trying to copy field from a new document received in logstash to an old one exists in the elasticsearch server.

For example:
There are 2 events, lets call them event1 and event2

event1{name: "xyz",lastname:"abc"} - recieved in 12:00am
event2{name: "dfs",lastname:"asdf",status:3} - recieved in 12:30am

I want to copy the status field from event2 to event2(event 1 already indexed)

I tried many options with elasticsearch output plugin but could only merge the documents.
How can I copy only the status field?

The purpose of this is because i'm creating a transform from those events and the transform must be grouped by the "status" field.

Thanks alot for helping!

system · November 1, 2020, 11:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Copy complete event to a field of a new event Logstash	8	1663	February 28, 2022
Adding new field to existing document Logstash	1	431	January 17, 2020
Elastic - Logstash: Copy data from one field to another field within same index - both the fields are nested Logstash	1	466	May 5, 2021
Couchdb_changes index only doc field from event Logstash	32	4250	July 6, 2017
Copy fields from latest doc in Transforms Elasticsearch	1	314	June 5, 2020