Reindexing to apply logic to existing data?

Hi experts, I'm indexing Netflow data via Logstash that does the logic to create new fields.
However, if the data already exists in ES, is there a way to reindex it in order to create these new fields based on the same conditions as Logstash would during data collection?

Yep. You can use either the reindex API, or use Logstash to do this.

Thanks Mark for your reply. Could you please clarify how to "replay" the existing data and apply a logic to add new fields via the reindex API? My basic understanding is it only copies from existing to target index.

You can use a script with reindex, but it might not be worth the hassle. Just use Logstash again.
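
An added example, not part of the original thread: a Logstash pipeline that reads the existing documents back out of Elasticsearch, runs them through the filter block, and writes the result to a new index. The host, the index names and the filter condition are assumptions standing in for the real collection pipeline.

```logstash
# Added example: replay an existing index through the same filter logic.
# Host, index names and the filter condition are hypothetical placeholders.
input {
  elasticsearch {
    hosts => ["localhost:9200"]            # assumed cluster address
    index => "netflow-old"                 # assumed source index
    query => '{ "query": { "match_all": {} } }'
    docinfo => true                        # carry _index/_id of each source document
    docinfo_target => "[@metadata][doc]"   # keep them in @metadata so they are not indexed
  }
}

filter {
  # Paste the filter block from the collection pipeline here unchanged.
  # Hypothetical stand-in for that logic:
  if [netflow][l4_dst_port] == 443 {
    mutate { add_field => { "service" => "https" } }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "netflow-reprocessed"         # assumed target index
    # Reuse the original id so a rerun overwrites documents instead of duplicating them.
    document_id => "%{[@metadata][doc][_id]}"
  }
}
```

Writing to a separate target index leaves the source data untouched, so document counts and the new fields can be compared before any alias or dashboard is switched over.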

Thanks Mark!
