[Help Needed] How to modify specific field value

Ramesh_Janagam · November 29, 2016, 3:16am

Sorry I am new to ES. I have to give quick demo on my application log analysis.

Question:

I have several documents which have field name logname='APPLog'
I wanted to change field to 'AppLog' wherever it has 'APPLog'

in summary update:
from: logname='APPLog'
to: logname='AppLog'

Can anyone give exact query?

dadoonet · November 29, 2016, 6:05am

You can give a look at update by query in the docs.

But do you really to change it? Is it for display purpose? For search? Aggregations?

Ramesh_Janagam · November 29, 2016, 7:50am

Only for aggregation.

I have pumped many documents but I have made mistake in logstash so few documents have typo. So kibana aggregations give separate barchart for terms( though I changed to uppercase in kibana).

dadoonet · November 29, 2016, 9:11am

Yeah. I see.
Ideally in a next version of elasticsearch, we will support an option to lowercase keyword fields.

Are you using elasticsearch 5.0?

system · December 27, 2016, 9:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Changing the value of log entry in old index Elasticsearch	7	615	December 17, 2019
Why elasticsearch convert all my field name to lower case? Elasticsearch	8	3619	July 3, 2018
Changing the analyzer type fields are no longer aggregatable Elasticsearch	4	1008	December 17, 2018
Change a Number Field Value Logstash	12	967	July 2, 2019
Not able to search or aggregate values from a field included lately in the mapping Elasticsearch	5	597	December 31, 2021

[Help Needed] How to modify specific field value

Related Topics