Update document structure without duplication

reed · September 27, 2022, 9:27am

Hi all,

I need to read alla index documents and for all add a new field with default value, my code is this:

input {
	elasticsearch {
	hosts		=> ["http://myelastic:9200"]
	index		=> "myindex-txt"
	user		=> aaa
	password	=> aaa
	}
}

filter {

	mutate {
	add_field => { "my_flag"	=> "N" }
	}
}

now in output if I try the "elasticsearch" plugin the result is the duplication of the documents, but if I try _update_by_query the document is modified.
The problem with my _update_by_query is that query part match only a subset of my documents.
I need something like this:

output {

if [a_field] != "1" add the field ( mutate ) with default value

if [a_field] != "2" add the field with "Y" value

}

Please help!

thanks

system · October 25, 2022, 9:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch update the document without updating the existing field value Logstash	2	813	March 17, 2017
Update existing document Logstash	3	195	June 9, 2022
Add new field to existing documents in an index from logstash is recreating the index Logstash	4	903	March 19, 2020
Add a new field in all the existing documents in ES Elasticsearch	3	274	September 21, 2022
Logstash is overwriting output elasticsearch Logstash	1	268	September 28, 2020

Update document structure without duplication

Related topics