Update document in elasticsearch

richagautam · October 1, 2018, 5:17am

Hi Team,

I have used logstash to parse the log file then using elasticsearch to save the index and kibana to visualize it.

My problem is that for a particular log file (Path) i am getting value of one filed only once and for rest of the rows, for same file(Path), i want to update that filed with the same value which i got in one of the record.

sample sql query:

update Path A set A.Filed = B.Filed
from Path A, Path B
where A.Path = B.Path and A.Filed = null.

Is it possible to update it in elasticsearch using kibana dev tool or how can i achieve this. Any sample query to handle such type of situation

Thanks

richagautam · October 3, 2018, 11:40am

Hi,

Any suggestion for above scenario.
Can i update it in logstash using ruby filter

warkolm · October 4, 2018, 3:44am

You cannot do this with a query, you would need to do it before you sent it to Elasticsearch for indexing.

richagautam · October 4, 2018, 5:05am

Thanks for the confirmation.

Can I update it in logstash using Ruby filter.

Thanks

system · November 1, 2018, 5:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.