Does Elastic remember the most recently indexed documents?

I have a requirement in which I need to update the indexed data. Based on the value from the most recent document, I need to update the current document.
Example: similar to a counter. Can someone pour in some suggestions, please? I am running out of ideas :frowning:

As Elasticsearch as a system does not have any idea of your definition of 'recent' (is it a document that has just been indexed, or does it mean the most recent document based on a field value, also what happens if two systems index documents at the same time ... etc.), it is hard to say what you are after here. Maybe you can explain your use case a little bit more.

In general, there is no such mechanism you are asking for, but maybe the problem can be solved in a different way, once explained and understood.

I need to calculate the concurrent logged-in users of the web application.
My indexed data looks like below.

The Operation column will hold two values, LOGIN/LOGOUT.
I am planning to add an additional field to the index named LoginCount and calculate its value based on the Operation column. Here is my script below:

```
def LoginCount = doc['LoginCount '].value;
if(doc['Operation'].value=='LOGIN'){
    return LoginCount ++;
}
else if(doc['Operation'].value=='LOGOUT'){
    return LoginCount --;
}
```
I have created LoginCount as a scripted field on the index, of Number type.
But every time I am getting LoginCount as zero for all the documents. This is because, from my understanding, the script is run on the document that is currently being indexed. So now I want to get LoginCount from the previously indexed document, and I need to add to the LoginCount. This is my use case and I am planning to implement it this way.
Any suggestions better than this are welcome.
Any help from the Elastic team, please?

Why not create a separate index with a document per user where you keep track of the current status? You would update this on login/logout and use the username as document id.

I am already using ingest node pipelines to index and parse this document. So, does this mean I need to have another pipeline to create an index?
Can you please explain this a little more?

I have done this using a Logstash clone filter to create a separate event for the user centric index and then indexing it in parallel to the main event. I do not think ingest node pipelines support this though.

Our requirement is to use ingest node pipelines only :frowning:
Can we iterate over the Elastic index once a day and manipulate the LoginCounts?
Is it possible to iterate over the created index using a Painless script?

I am wondering whether we can implement this logic with bucket aggregations :thinking:

Sounds like data frame transforms might be a good fit.

I created a scripted field which will return a numeric value of 1 if Operation is LOGIN and -1 on LOGOUT. I created a vertical bar chart visualisation with the sum of the scripted field on the X-axis and time on the Y-axis. That resolved my issue. Thanks to all for the time and answers.
```
if(doc['Operation'].value=="LOGIN"){
    return 1;
}
if (doc['Operation'].value=="LOGOUT"){
    return -1;
}
else{
    return 0;
}
```
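The LOGIN/LOGOUT to +1/-1 mapping from the post above, as an added example that is not part of the thread: summing the value per time bucket gives the net change in that bucket, and a running total of those sums gives the number of sessions still open at the end of each bucket. The events, the tuple layout and the hourly bucket size are constructed for illustration, and the count is assumed to start at zero.

```python
from collections import defaultdict
from datetime import datetime
from itertools import accumulate

# Constructed sample events (not from the thread): (timestamp, user, Operation)
EVENTS = [
    ("2019-07-01T09:05:00", "alice", "LOGIN"),
    ("2019-07-01T09:20:00", "bob", "LOGIN"),
    ("2019-07-01T09:50:00", "alice", "LOGOUT"),
    ("2019-07-01T10:10:00", "carol", "LOGIN"),
    ("2019-07-01T10:15:00", "bob", "HEARTBEAT"),   # neither LOGIN nor LOGOUT
    ("2019-07-01T11:30:00", "bob", "LOGOUT"),
    ("2019-07-01T11:45:00", "carol", "LOGOUT"),
]


def delta(operation):
    """Same mapping as the scripted field: LOGIN -> 1, LOGOUT -> -1, else 0."""
    return {"LOGIN": 1, "LOGOUT": -1}.get(operation, 0)


def net_change_per_hour(events):
    """Sum of the delta in each hourly bucket (the per-bucket sum a chart plots)."""
    buckets = defaultdict(int)
    for ts, _user, op in events:
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        buckets[hour] += delta(op)
    return dict(sorted(buckets.items()))


def logged_in_at_end_of_hour(events):
    """Running total of the hourly sums: sessions still open when each bucket ends."""
    net = net_change_per_hour(events)
    return dict(zip(net, accumulate(net.values())))


if __name__ == "__main__":
    net = net_change_per_hour(EVENTS)
    open_sessions = logged_in_at_end_of_hour(EVENTS)
    for hour in net:
        print(hour.isoformat(), "net", net[hour], "logged in", open_sessions[hour])
```

Hours with no events produce no bucket here; the running total simply carries over to the next bucket that has data.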
