Field value should not be updated if document already exists

skairam · May 27, 2017, 8:49pm

HI,

I have fields CRTE_TMS, UPDATE_TMS. In my logstash configuration, i have the following mutate, which adds fields with current time stamps value and i have doc_as_upsert => true. This script is updating the existing documents as expected. However, only problem is, CRTE_TMS is always coming as current timestamp. How can i not update the CRTE_TMS if the document is already existing? any inputs on this will be appreciated. thanks

mutate {
	add_field => {
		"UPDATE_TMS" => "%{[@timestamp]}"
     "CRTE_TMS" => "%{[@timestamp]}"

	}
}

output {
elasticsearch{
hosts => ["localhost:9200"]
index => "index1"
document_type => "type1"
document_id => "%{LOG_ID}"
doc_as_upsert => true
}

skairam · May 30, 2017, 5:59pm

Hi, i tried upsert, script and scripted_upsert. nothing works. can anybody throw some inputs on this. appreciate it

system · June 27, 2017, 5:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Update or Insert - logic for updating if existing Logstash	4	14376	April 13, 2017
Update document with Logstash without updating the @timestamp Logstash	1	934	July 6, 2017
Logstash is overwriting output elasticsearch Logstash	1	270	September 28, 2020
Update Existing document through logstash Logstash	5	1352	April 28, 2023
Prevent the loss of existing fields while using document_id of elasticsearch output plugin Logstash	3	312	May 7, 2020

Field value should not be updated if document already exists

Related topics