Hello! I need to update several docs into an old index based on a value of new records still do not indexed? Is there any way to implement it with Logstash?
This table below describes my index with old docs. The yellow line would be a new doc arriving.
RULE: As far the latest entry is received (NEW "not indexed entry") with STATE=OFF, all respective older entries of Group 1 (FROM EXISTING INDEX) must be set COLOR=RED
Could you please let me know any example with logstash?