My pipeline receives two kind of unordered events: a parent event and possibly some children. Both will be grouped by a same id in one document in the index. The parent event will be written to the "parent" field and the children will be written to a "children" nested field.
I can receive either one first. The first one that comes to the pipeline will generate the index document.
For each child event I want to update a counter field in the index, so I thought I could do this with a script in the output. But it seens that this script is only running for events that happen to update the document.
Could anyone explain the configuration below to me? I am a little confused by the correct combination of the action/doc_as_upsert/scripted_upsert/upsert/script parameters...
Thank you
elasticsearch {
hosts => ["vmsrv103:9200"]
index => "nfe"
document_type => "default"
document_id => "%{id}"
action => "update"
doc_as_upsert => true
script_lang => "painless"
script_type => "inline"
script => "
ctx._source.put('test_field', 'only-to-check-how-many-events-pass-through-here');
if(params.event.get('parent') == null) {
if(ctx._source.qtyChildren == null) {
ctx._source.put('qtyChildren', 1);
} else {
ctx._source.qtyChildren += 1;
}
} else {
if(ctx._source.qtyChildren == null) {
ctx._source.put('qtyChildren', 0);
}
}
"
}