Hi all,
I need to read all the documents in an index and add a new field with a default value to each of them. My code is this:
    input {
      elasticsearch {
        hosts => ["http://myelastic:9200"]
        index => "myindex-txt"
        user => aaa
        password => aaa
      }
    }
    filter {
      mutate {
        add_field => { "my_flag" => "N" }
      }
    }
Now, in the output, if I try the "elasticsearch" plugin the result is the duplication of the documents, but if I try _update_by_query the document is modified.
The problem with my _update_by_query is that the query part matches only a subset of my documents.
I need something like this:
    output {
      if [a_field] != "1" add the field ( mutate ) with default value
      if [a_field] != "2" add the field with "Y" value
    }
Please help!
Thanks
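One way to write the events back onto the documents they came from instead of creating duplicates, as an added example that is not part of the original post: the input copies each hit's `_index` and `_id` into event metadata, and the output reuses them as the target. Assumptions: the `[@metadata][doc]` target name, the `ES_USER`/`ES_PWD` environment variables (used so credentials stay out of the pipeline file), and the reading of the rule as "Y" when `a_field` is "2", otherwise "N".

```logstash
input {
  elasticsearch {
    hosts    => ["http://myelastic:9200"]
    index    => "myindex-txt"
    # Assumption: credentials come from the environment or the Logstash keystore.
    user     => "${ES_USER}"
    password => "${ES_PWD}"
    # Keep the source document's coordinates on the event (not indexed, metadata only).
    docinfo        => true
    docinfo_target => "[@metadata][doc]"
    docinfo_fields => ["_index", "_id"]
  }
}

filter {
  # Assumed reading of the rule in the post: "Y" when a_field is "2", default "N" otherwise.
  if [a_field] == "2" {
    mutate { add_field => { "my_flag" => "Y" } }
  } else {
    mutate { add_field => { "my_flag" => "N" } }
  }
}

output {
  elasticsearch {
    hosts    => ["http://myelastic:9200"]
    user     => "${ES_USER}"
    password => "${ES_PWD}"
    # Address the same document that was read, so nothing new is created.
    index       => "%{[@metadata][doc][_index]}"
    document_id => "%{[@metadata][doc][_id]}"
    # Partial update: merges the event's fields into the existing document.
    action      => "update"
  }
}
```

Without `document_id`, the output lets Elasticsearch generate a fresh ID for every event, which is what produces the duplicates.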