Create new document from extracted fields

earthpatipon · November 5, 2019, 5:14am

Hi there,

Here is my log structure that comes directly from a service.

PUT my_index/_doc/1
{
    "user": [
    {
      "firstName": "Tim",
      "lastName": "Cook"
    },
    {
      "firstName": "Bill",
      "lastName": "Gates"
    }
    ]
}

I want to extract each index in user array and create new documents for them.
So it would be something like,

PUT my_index/_doc/1
{
  "user": {
      "firstName": "Tim",
      "lastName": "Cook"
    }
}

PUT my_index/_doc/2
{
  "user": {
      "firstName": "Bill",
      "lastName": "Gates"
    }
}

My question is how to do so? use ingest pipeline node? Please give me some idea

Christian_Dahlqvist · November 5, 2019, 5:25am

As far as I know ingest pipelines can not generate additional documents, so you may need to use a split filter in Logstash.

system · December 3, 2019, 5:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pipeline processor to convert nested array to documents while reindexing Elasticsearch	6	510	February 17, 2021
How to process again documents already ingested Elasticsearch	4	476	October 30, 2020
Create new document on index and update a second document Elasticsearch	3	735	September 4, 2019
Document cloning and splitting in Ingest APIs Elasticsearch	4	841	June 20, 2017
How to create a new field in a doc using scripted fields and ingest pipeline Elasticsearch	2	639	April 9, 2020

Create new document from extracted fields

Related topics