Hello colleagues!
I am loading documents structured as follows:
{"vulnid": "CVE-2018-0001", "product": ["juniper junos 12.1x46 d10", "juniper junos 15.1x53 d63"], "description": "A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP", "cvss:confidentiality-impact": "PARTIAL", "published": "2018-01-10T17:29:00.930-05:00"}
I am using ESBULK tool for faster loading times, but I cannot control the metadata “_id” field with it.
{
"_index": "softwarebugs",
"_type": "default",
"_id": "aRKoX2QBV7uFZj55bVLi",
"_version": 1,
"_score": null,
"_source": {
"vulnid": "CVE-2018-0001",
"product": [
"juniper junos 12.1x46 d10",
...(truncated data)
The _id is automatically created for me. ("_id": "aRKoX2QBV7uFZj55bVLi",)
Is there a way to manipulate the data already imported to accomplish something like:
{
"_index": "softwarebugs",
"_type": "default",
"_id": "CVE-2018-0001",
"_version": 1,
"_score": null,
"_source": {
"vulnid": "CVE-2018-0001",
"product": [
"juniper junos 12.1x46 d10",
...(truncated data)
Most optimally would be to create mapping before using esbulk tool (and specify override to the "_id" to use "vulnid" field value as "_id".
Thank you for hints.