Sending new fields to exisiting Elastic document, losing old data

EdgeSync · November 7, 2019, 5:30pm

I have solved it myself

based on this post: doc_as_upsert vs upsert properties

It was required to make it an upsert.

so my logstash config looks something like this

input {
udp {
port => 10001
codec => json
}
}

filter {
fingerprint {
source => "id"
target => "[@metadata][fingerprint]"
method => "MURMUR3"
}
}

output {
elasticsearch {
hosts => ["https://127.0.0.1:9200"]
user => "logstash_account"
password => "some_password_here"
cacert => "/etc/logstash/conf.d/cacert.cer"
ssl_certificate_verification => false
document_id => "%{[@metadata][fingerprint]}"
index => "some_index"
doc_as_upsert => true
action => update
}
}

Topic		Replies	Views
Document id upsert update fields in new object and keep others Logstash	1	1017	August 4, 2017
Can I use Logstash to add new fields to a document that's already in Elasticsearch? Logstash	3	3371	July 6, 2017
Update Existing document through logstash Logstash	5	1352	April 28, 2023
Update existing and insert new fields on the same index in elastic search using Logstash config Logstash	5	4330	September 15, 2017
Add new field to existing documents in an index from logstash is recreating the index Logstash	4	903	March 19, 2020

Sending new fields to exisiting Elastic document, losing old data

Related topics