I have a document that is inserted into elasticsearch under the index: index-%{+YYYY.MM.dd}
where %{+YYYY.MM.dd}=2017-08-09
A day later another event comes in and I have to update that document I inserted yesterday.
When trying to update I get a status 404 meaning it cannot find that record is my guess.
When the inserted document is updated on the same day and thus also under the same index it finds it and updates it without any errors.
How can I get hold of the index for the document I am trying to update so that I can dynamically use it in the output when updating?
You can use an elasticsearch filter to locate the original document. The filter has options to save metadata like the index name into fields that you can use later on in the elasticsearch output.
This is the result when I send the output of that field to a log file: "current_index" => nil
I also tried it without the underscore.
Am I using the wrong identifier?
This doesn't work because _index isn't a field in the original document. Unfortunately I mixed up the elasticsearch index with the elasticsearch filter. The former can add metadata fields like the index name to the event but the filter can't. There's an open pull request to add that , though:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.