We have some "enriched" events in an index from last month for a customer product checkout. The enrichment happened in "elastic beats" && "logstash" and is not entirely in my control, so I cannot simulate the _raw events again.
The only option left is to re-index a "set of events" in order, but just change the "timestamp" of the sequence on the fly. Is there a tool/idea to:
- Get specific data from index
- reindex these events to another test-index but with "similar timestamp" for today
An example of what I'm looking for is:
- Using https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html (re-index api)
- But ability to transform/change the logs with certain logic (or pass it back to logstash)
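
One way to do the timestamp shift client-side, as an added example that is not part of the original post: it moves a fetched sequence by a whole number of days so order, time of day and gaps between events are preserved, then emits a `_bulk` request body for the test index. The `@timestamp` field name, the `checkout-test` index name and the sample hits are assumptions constructed for illustration.

```python
import json
from datetime import date, datetime, timedelta, timezone

# Constructed sample hits, shaped like the "hits" array of a search response.
# The "@timestamp" field name is an assumption about the enriched events.
SAMPLE_HITS = [
    {"_id": "a2", "_source": {"@timestamp": "2024-05-03T09:15:42.500Z", "event": "checkout_start"}},
    {"_id": "a1", "_source": {"@timestamp": "2024-05-03T09:15:00.000Z", "event": "cart_add"}},
    {"_id": "a3", "_source": {"@timestamp": "2024-05-03T09:17:05.000Z", "event": "payment_ok"}},
]

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def format_ts(dt):
    return dt.astimezone(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")

def shift_events(hits, target_day, ts_field="@timestamp"):
    """Shift all events by whole days so the earliest one falls on target_day (UTC)."""
    ordered = sorted(hits, key=lambda h: parse_ts(h["_source"][ts_field]))
    if not ordered:
        return []
    first = parse_ts(ordered[0]["_source"][ts_field])
    delta = timedelta(days=(target_day - first.date()).days)
    shifted = []
    for h in ordered:
        src = dict(h["_source"])  # copy so the fetched hit is left untouched
        src[ts_field] = format_ts(parse_ts(src[ts_field]) + delta)
        shifted.append({"_id": h["_id"], "_source": src})
    return shifted

def to_bulk_ndjson(events, dest_index):
    """Build a _bulk body: one action line plus one source line per event."""
    lines = []
    for e in events:
        lines.append(json.dumps({"index": {"_index": dest_index, "_id": e["_id"]}}))
        lines.append(json.dumps(e["_source"]))
    return "\n".join(lines) + "\n"  # the bulk body must end with a newline

if __name__ == "__main__":
    print(to_bulk_ndjson(shift_events(SAMPLE_HITS, date.today()), "checkout-test"), end="")
```

Because the original `_id` values are reused, loading the same body twice overwrites the test documents instead of duplicating them.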