Hello,
I have some filebeat events which were processed by Logstash and output in an Elasticsearch index. The documents in the index have a "message" field which contains a string that I need to modify.
Is there a command I can run (curl or Dev Tools) that can find the string I want and replace it, on the fly? I was thinking about a regexp query, but I cannot find the command to modify the field as well - it only does a search. This is an example of what I want to do:
i.e.
from:
message = "restart.sh -username MyUsername"
to:
message = "restart.sh -username ?"
So basically I want to find anything that matches "-username <any_string>" and replace it with "-username ?".
Thank you,
Joey
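
One way to do the replacement asked about above, as an added example that is not part of the original post: an `_update_by_query` request with a Painless script, plus a local dry run of the same pattern. The endpoint `ES_URL`, the index name `filebeat-example` and the function names are assumptions; it also assumes `message` is an analyzed text field and that Painless regexes are not disabled (`script.painless.regex.enabled`).

```bash
#!/usr/bin/env bash
# Added example. ES_URL and INDEX are assumptions, not values from the post.
ES_URL="${ES_URL:-http://localhost:9200}"
INDEX="${INDEX:-filebeat-example}"   # hypothetical index name

# Local dry run of the same pattern the Painless script uses, so the
# substitution can be checked before any document is rewritten.
redact_username() {
  printf '%s\n' "$1" | sed -E 's/-username[[:space:]]+[^[:space:]]+/-username ?/g'
}

# Body for POST <index>/_update_by_query.
# - query: assumes "message" is an analyzed text field, where "-username"
#   is indexed as the token "username"; it only narrows the candidate set.
# - script: rewrites the field; unchanged documents are skipped (noop), so
#   the request is safe to re-run.
update_body() {
  cat <<'JSON'
{
  "query": { "match": { "message": "username" } },
  "script": {
    "lang": "painless",
    "source": "def m = /-username\\s+\\S+/.matcher(ctx._source.message).replaceAll('-username ?'); if (m == ctx._source.message) { ctx.op = 'noop' } else { ctx._source.message = m }"
  }
}
JSON
}

# Sends the request; version conflicts are counted instead of aborting the run.
apply_redaction() {
  update_body | curl -sS -X POST \
    "$ES_URL/$INDEX/_update_by_query?conflicts=proceed" \
    -H 'Content-Type: application/json' --data-binary @-
}

if [ "${1:-}" = "--apply" ]; then
  apply_redaction
else
  # Constructed sample messages, not real log data.
  for msg in 'restart.sh -username MyUsername' \
             'restart.sh -username ?' \
             'restart.sh -force'; do
    redact_username "$msg"
  done
fi
```

Run it without arguments for the local dry run and with `--apply` to send the request. Only documents already in the index are rewritten; events indexed afterwards are not touched by this request.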