Update Documents with new Field

Elastic Stack Elasticsearch
1

I have a set of data wherein generic identifiers exist. This is partially due to another index which also uses these generic identifiers and our use of Timelion to display dashboards with a combination of data from both indexes. I noticed the controls visualization in kibana and would like to use that to easily select based on these identifiers but would like a friendly name rather than the number/id.

While I could just manipulate the source data and re-ingest, I'm trying to learn Elasticsearch and would like to figure out how to do this for when I run into situations where re-ingesting isn't possible.

I was looking at the update by query documentation. It looks like you can use an ingest pipeline to create and assign a value to field. So does this mean I can do something like the following to update all documents in "my-index-000001" with the ID field having a value of "15" with a new field called "Name" and a value of "FirendlyID"?

PUT _ingest/pipeline/set-name
{
  "description" : "sets name",
  "processors" : [ {
      "set" : {
        "field": "Name",
        "value": "FriendlyID"
      }
  } ]
}
POST my-index-000001/_update_by_query?pipeline=set-name
{
  "query": { 
    "term": {
      "ID": "15"
    }
  }
}
2

Yes this is a good option
An other option is to use a painless script to update docs

3

Thank you. Did some more digging into the script option which I didn't really understand until I did so. Would that look something like:

POST my-index-000001/_update_by_query
{
  "script": {
    "source": "ctx._source.Name = 'FriendlyID'",
    "lang": "painless"
  },
  "query": {
    "term": {
      "ID": "15"
    }
  }
}
1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.