Update nested object in ElasticSearch

MMH · September 23, 2019, 8:23pm

In one of my pipelines I am using logstash with JSON input and output to Elasticsearch with action => "update".
One of the document fields contains nested data type. If in input JSON I receive following:

"nested_field":{"ident":"1","someField":"someVal"}

I should update nested_field, find objct with value 1 in field ident and for this object update field someField to someVal.
Is such operation possible in Logstash?

stefws · September 23, 2019, 8:55pm

Yes it is...

filter  {
   # either conditional
   if [nested_field][ident] == '1' {
      # use any filter plugin to alter [nested_field][someField]
   }

  # or use the alter plugin
  alter {
     condrewriteother => [
       "[nested_field][ident]", "1", "[nested_field][someField]", "new_value"
    ]
  }
}

MMH · September 23, 2019, 8:58pm

Thank you for answer, but maybe I will describe my problem more through.
I have already in ElasticSearch document, with objects in nested_field. I need to update one of these objects (in ElasticSearch) using Logstash, but not to change other objects in nested_field.

Badger · September 23, 2019, 9:15pm

I think you are looking for the update_by_query API in elasticsearch. You can do that using a POST from an http filter, similar to the delete field script in the other thread.

Topic		Replies	Views
Update few Attributes in Nested Object of index using logstash Logstash	1	256	July 28, 2021
Is it possible to update nested field by query? Elasticsearch	1	1308	July 6, 2017
Update single field in document in elastic from within logstash Logstash	4	3956	August 18, 2017
Update Nested object with logstash Logstash	1	1884	February 21, 2017
Update document in elasticsearch Elasticsearch	4	551	November 1, 2018

Update nested object in ElasticSearch

Related topics