Copy Field from a new processed document to an old Document

Tensoue · October 4, 2020, 11:42am

Hi all,
I am trying to copy field from a new document received in logstash to an old one exists in the elasticsearch server.

For example:
There are 2 events, lets call them event1 and event2

event1{name: "xyz",lastname:"abc"} - recieved in 12:00am
event2{name: "dfs",lastname:"asdf",status:3} - recieved in 12:30am

I want to copy the status field from event2 to event2(event 1 already indexed)

I tried many options with elasticsearch output plugin but could only merge the documents.
How can I copy only the status field?

The purpose of this is because i'm creating a transform from those events and the transform must be grouped by the "status" field.

Thanks alot for helping!

system · November 1, 2020, 11:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash elasticsearch filter plugin Logstash	2	569	July 6, 2017
Copying field in from one event to other in logstash Logstash	9	911	April 1, 2019
Copy complete event to a field of a new event Logstash	8	1680	February 28, 2022
How to get the one document's field and update with another document's fields[transfer the field's value from one event to another event] Logstash	4	1359	June 28, 2019
Document id upsert update fields in new object and keep others Logstash	1	1017	August 4, 2017