Hi all,
I have a problem with update_by_query in a pipeline but I noticed that the same query used into dev tools works fine:
PIPELINE
http { url => "http://crsinsightdev.icc.crifnet.com:9200/loyd-crs_insight_s1_agos-processcode-*-main/_update_by_query"
headers => ["Authorization", "Basic ZWxhc3RpYzplbGFzdGlj"]
http_method => "post"
format => "message"
content_type => "application/json"
message => '{
"script": {
"source": "ctx._source.flg_old_data = params.flg_old_data",
"lang": "painless",
"params": {
"flg_old_data": "Y"
}
},
"query": {
"bool": {
"must": [],
"filter": [
{
"bool": {
"filter": [
{ "bool": { "should": [ { "match_phrase": { "h.req-id": "%{req-id}" } } ] } },
{ "bool": { "should": [ { "match_phrase": { "h.process-code": "%{process-code}" } } ] } },
{ "bool": { "should": [ { "match_phrase": { "fields.s1env": "%{s1env}" } } ] } },
{ "bool": { "should": [ { "range": { "h.req-timestamp": { "lt": "%{req-timestamp}" } } } ] } }
]
}
}
],
"should": [],
"must_not": []
}
}
}
}'
}
DEV TOOLS
POST /loyd-crs_insight_s1_agos-processcode-panda_check-main/_update_by_query
{
"script": {
"source": "ctx._source.flg_old_data = params.flg_old_data",
"lang": "painless",
"params": {
"flg_old_data": "Y"
}
},
"query": {
"bool": {
"must": [],
"filter": [
{
"bool": {
"filter": [
{ "bool": { "should": [ { "match_phrase": { "h.req-id": "Test3GrpA" } } ] } },
{ "bool": { "should": [ { "match_phrase": { "h.process-code": "panda_check" } } ] } },
{ "bool": { "should": [ { "match_phrase": { "fields.s1env": "design" } } ] } },
{ "bool": { "should": [ { "range": { "h.req-timestamp": { "lt": "1663665372100" } } } ] } }
]
}
}
],
"should": [],
"must_not": []
}
}
}
**I have an index similar to this:**I need to implement AND condition with all fields.
My index is similar to this:
req-id process-code req-timestamp s1env flg_old_data
----------------------------------------------------------------
Test3GrpA panda_check 1663665372200 design
Test3GrpA panda_check 1663665372200 design
Test3GrpA panda_check 1663665372200 design
Test3GrpA panda_check 1663665372200 design
Test3GrpA panda_check 1663665372200 design
Test3GrpA panda_check 1663665372100 design Y
Test3GrpA panda_check 1663665372100 design Y
Test3GrpA panda_check 1663665372100 design Y
Test3GrpA panda_check 1663665372100 design Y
Test3GrpA panda_check 1663665372100 design Y
my query has to flags all documents with "req-timestamp" less then the current one, and it works, but when I load other documents with different "s1env" = "production" and "req-timestamp" = 1663665372100 even the "req-timestamp" = 1663665372200 is updated with "flg_old_data" = Y.
But if I execute the same update indicated above the update works fine and I don't understand why.
Can someone help me with this?
Thanks in advance.
D.