How to replace field with another field value for entire index?

BHAVIK_CHITRODA · December 6, 2018, 9:45pm

Hi, I am new to Elasticsearch and still trying to figure the APIs for update and modifying documents/data on elasticsearch indexes.

I forwarded certain logs from Logstash to ES indexes. My logstash file is pretty complex and has multiple parsers. I forgot to use date filter for a set of logs. Now I have 10k logs showing in Kibana with wrong @timetamp value. I have a field called "createdOn" that I want to use as @timestamp

How can I replace the value of @timestamp with createdOn field for all logs in that index without resending the logs from logstash?

Please help.

Thank you

system · January 3, 2019, 9:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't modify the @timestamp field via logstash Logstash	2	30	August 16, 2024
How can I rename and reorder fields in Kibana? Kibana	7	6427	April 25, 2017
How do I replace timestamp field with the time stamp field inside my log file? Logstash	7	8341	November 3, 2017
Adding a new field to an index Elasticsearch	6	1084	November 4, 2022
Replace @timestamp with source log timestamp Logstash	27	10258	February 20, 2019

How to replace field with another field value for entire index?

Related Topics