It appears that if I need to edit an enrichment policy that an ingest pipeline uses, I have to delete the pipe, then delete the policy, then create the new edited policy, then create the ingest pipeline. That is the process I used in my POC cluster, but if I need to edit the policy in a PROD cluster, that multiple step process could present a problem with a lot of events coming in.
Do I have the process of editing a policy correct or is there a better way?
Unfortunately that is the only way to do it - Set up an enrich processor | Elasticsearch Guide [8.2] | Elastic
Actually @chapmantrain @warkolm linked to the proper process.
You can do this with no downtime.
Say your updating your source index for the enrich index daily.
You create the policy with a date suffix...
That policy is referenced inside your ingest pipeline.
So you just create a new enrich policy with today's date from today's new source index.
Then update The pipeline that uses that enrich policy with today's date.
Then you delete the old enrich policy.
Once created, you can’t update or change an enrich policy. Instead, you can:
- Create and execute a new enrich policy.
- Replace the previous enrich policy with the new enrich policy in any in-use enrich processors.
- Use the delete enrich policy API to delete the previous enrich policy.
Thanks Stephen and Mark. Looks like I can rig a way around down time. There is always a way.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.