Update index with static value instead of scripted field

stevezemlicka · February 10, 2021, 3:40pm

I have a scripted field generating the hour of the day in a particular index. Unfortunately due to the size and the necessary complexity (result of timezone challenges), it is making some Kibana visualizations slow.

Using a simple scripted field as follows works quickly but is inaccurate:

return doc['@timestamp'].value.getHour();

The one I am using for accuracy is as follows:

return LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value.millis),ZoneId.of('America/Chicago')).getHour()

While I could modify the raw data and re-ingest, I would like to figure out how to do this with elasticsearch itself. Is it possible to run a post command to populate a new field like this? If so, how might i go about formulating a post/update like that?

stevezemlicka · February 10, 2021, 4:43pm

or, maybe it would be more efficient to do a reindex of the dataset. Is it possible to include a scripted field's output in a reindex as a static value?

stevezemlicka · February 10, 2021, 4:45pm

I might not have done enough research on this before posting...perhaps the answer is in something like:

system · March 10, 2021, 4:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.