Reindex API for split a field

Farid_N · May 26, 2021, 6:17am

Hi
I've created an index template, and now trying to reindex my logs according to that index template.
This is a log just for instance:

  "_score": null,
  "_source": {
    "@timestamp": "2021-05-25T08:38:36",
    "host": "172.18.20.22",
    "Level": "Debug",
    "events": [
      "MessageTemplate": "{TimeoutTransactionLogsCount} transactions have timed-out.",
      "Properties": {
        "MachineName": "Monitoring",
        "Source": "NOC",
        "ProcessName": "LogService",
        "SourceContext": "LogSvc.TimeoutManager",
        "ThreadId": 10,
        "TimeoutTransactionLogsCount": 0
      }],
    "Level": "Debug",
    "Timestamp": "2021-05-25T13:07:40.7495940+04:30"
    },

As you see, the events field is an array and all content bellow it is [0]
I want to write a reindex API script to specify the source and dest and also split the events field into document not an array. For example this is what I need:

  "_score": null,
  "_source": {
    "@timestamp": "2021-05-25T08:38:36",
    "host": "172.18.20.22",
    "Level": "Debug",
    "events": {
      "MessageTemplate": "{TimeoutTransactionLogsCount} transactions have timed-out.",
      "Properties": {
        "MachineName": "Monitoring",
        "Source": "NOC",
        "ProcessName": "LogService",
        "SourceContext": "LogSvc.TimeoutManager",
        "ThreadId": 10,
        "TimeoutTransactionLogsCount": 0
      }},
    "Level": "Debug",
    "Timestamp": "2021-05-25T13:07:40.7495940+04:30"
    },

How can I write the script in the dev tools?

POST _reindex
{
  "source": {
    "index":"testlog-2020.05.03"
  },
  "dest": {
    "index": "testlog-2020.05.03-reindexed"
  },
  "script": {
    "lang": "painless", 
    "source": "a script for changing `events` array to document..."
  }
}

Thanks in advance

Farid_N · May 26, 2021, 9:55am

The problem solved...

warkolm · May 26, 2021, 11:12pm

Please share the solution in the thread, it might help someone in future

Farid_N · May 30, 2021, 6:29am

Sure

The script will be:

POST _reindex
{
  "source": {
    "index":"testlog-2020.05.03-new"
  },
  "dest": {
    "index": "testlog-2020.05.03-reindexed"
  },
  "script": {
    "lang": "painless",
    "source": "if (ctx._source.events != null) { ctx._source.events = ctx._source.events[0];}"
  }
}

Thank you so much

system · June 27, 2021, 6:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.