_update_by_query updates 3000 records instead of excpected 1

jobra · July 15, 2019, 2:01pm

Hello,

In my elastic db I have one, and only one, json document where a "comment" field equals to
".Stream ID:0. IP Data.somename.some.name some name:00."

I am running v. 6.6.2

Running the following _update_by_query using curl, changes the field "comment" in 3000 documents, instead of the single wanted document.

curl -X POST "https://localhost:9243/mydoc/_update_by_query" -u user:pass -o out.json -H 'Content-Type: application/json' -d'@data.json'

In data.json
{
"script": {
"source": "ctx._source.file_path = 'C:\\test'",
"lang": "painless"
},
"query": {
"bool": {
"should": [
{ "match": { "comment":".Stream ID:0. IP Data.somename.some.name some name:00." }}
]
}
}
}

system · August 12, 2019, 2:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.