I am using ELK 7.4.2 and need to write a script to update documents in my cluster. (We have about 20 TB of data so I also ask for advice about optimizations!)
I have documents that look like
```
{
  "owner": "Matt",
  "cars": [ "Honda", "Kia", "Aston Martin" ]
}
```
and I would like to write a script that will remove values from matching documents. For example, remove "Aston Martin" from the cars array for all documents that have "Aston Martin" in the cars array. I have made a number of attempts to do this but am having a hard time even debugging the problem(s). Any advice would be appreciated. Here is my latest attempt.
```
POST /automobiles/_update_by_query
{
  "query": {
    "term": {
      "cars": "Aston Martin"
    }
  },
  "script_fields": {
    "edit-automobiles-script": {
      "script": {
        "source": """
          def names = ["Aston Martin"];
          for (int j = 0; doc.containsKey("cars") && j < doc["cars"].size(); j++) {
            if (names.contains(doc["cars"][j])) {
              doc["cars"].values.removeIf(car -> names.contains(car));
            }
          }
        """,
        "lang": "painless"
      },
      "ignore_failure": false
    }
  }
}
```