Find a document with query and modify a string in the message field

cotjoey · June 8, 2020, 7:47pm

Hello,

I have some filebeat events which were processed by Logstash and output in an Elasticsearch index. The documents in the index have a "message" field which contain a string that I need to modify.

Is there a command I can run (curl or Dev Tools) that can find the string I want and replace it, on the fly? I was thinking about a regexp query, but I cannot find the command to modify the field as well - it only does a search. This is an example of what I want to do:

i.e.

from:
message = "restart.sh -username MyUsername"

to:
message = "restart.sh -username ?"

So basically I want to find anything that matches "-username <any_string>" and replace it with "-username ?".

Thank you,
Joey

system · July 6, 2020, 7:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Find and replace string in message field Beats filebeat	2	2718	November 26, 2020
Modify field name based on the some condition like field"s value Beats filebeat	2	760	January 16, 2018
Need help with search query Elasticsearch	5	453	March 9, 2023
Find a string and replace with another in all the documents Elasticsearch	1	1085	April 3, 2018
Modify body of a forum message when it's closed Meta Elastic	7	1924	November 4, 2022

Find a document with query and modify a string in the message field

Related topics