Hi,
If I run the following search query, I get back the documents I expect:
def get_results():
    """Return the raw ``es.search`` response for recent PowerShell script-block events.

    Queries ``logs-*`` for documents that have a
    ``powershell.file.script_block_text`` value and whose ``@timestamp`` lies
    within the last 15 minutes, requesting up to 10000 hits and only the two
    listed ``fields``. ``es`` is an Elasticsearch client defined outside this
    function.
    """
    must_clauses = [
        {"exists": {"field": "powershell.file.script_block_text"}},
        {"range": {"@timestamp": {"gte": "now-15m", "lte": "now"}}},
    ]
    request_body = {
        "from": 0,
        "size": 10000,
        "query": {"bool": {"must": must_clauses}},
        "fields": ["powershell.file.script_block_text", "freq_score"],
    }
    return es.search(index="logs-*", body=request_body)
However, if I take the same query and send it to update_by_query, it does not seem to find the documents it found before.
def update1():
    """Run an ``update_by_query`` over ``logs-*`` and return its response.

    Uses the same bool query as ``get_results`` (the field exists and
    ``@timestamp`` is within the last 15 minutes). For every matched document
    the Painless script replaces ``_source.powershell.file.script_block_text``
    with the literal ``"TEST"``, so the original script-block content of those
    log documents is overwritten, not copied. ``es`` is an Elasticsearch client
    defined outside this function.
    """
    must_clauses = [
        {"exists": {"field": "powershell.file.script_block_text"}},
        {"range": {"@timestamp": {"gte": "now-15m", "lte": "now"}}},
    ]
    overwrite_script = {
        "source": "ctx._source.powershell.file.script_block_text=params.value",
        "lang": "painless",
        "params": {"value": "TEST"},
    }
    request_body = {
        "query": {"bool": {"must": must_clauses}},
        "script": overwrite_script,
    }
    return es.update_by_query(index="logs-*", body=request_body)
Returns:
{'batches': 0,
'deleted': 0,
'failures': [],
'noops': 0,
'requests_per_second': -1.0,
'retries': {'bulk': 0, 'search': 0},
'throttled_millis': 0,
'throttled_until_millis': 0,
'timed_out': False,
'took': 3,
'total': 0,
'updated': 0,
'version_conflicts': 0}
I have looked through the documentation and cannot find anything that explains why this is happening.