Update timestamp of logs already indexed into ES

Anwar_Ahmed_Sayed · August 18, 2019, 4:10pm

hi,
wondering a best approach to update timestamp of logs already indexed into ES.
the new value should be _timestamp = field1.value + field3.value.

@timestamp = August 18th 2019, 11:29:58.271
field1_time = August 17th 2019, 10:49:57.000
field2_value = 10 ->min

need to update @timestamp = field1_time + field2_value
ie; @timestamp = August 17th 2019, 10:49:57.000 + 10
@timestamp = August 17th 2019, 10:59:57.000

thanks in advance

wangqinghuan · August 18, 2019, 4:26pm

You can use Painless Script.

Anwar_Ahmed_Sayed · August 18, 2019, 5:56pm

thx for the reply. i am new to this. appreciate if you would shed more light on how to achieve this.

system · September 15, 2019, 5:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding a new field to an index Elasticsearch	6	1084	November 4, 2022
Update single fileds in a given document already stored in ES? Logstash	1	322	March 12, 2018
Need help regarding the timestamps of logs pushed into ElasticSearch through instance of Logstash Logstash	10	1304	October 10, 2019
Last update timestamp for a specific field? Elasticsearch	3	1090	December 5, 2016
How to replace field with another field value for entire index? Elasticsearch	1	1636	January 3, 2019

Update timestamp of logs already indexed into ES

Related topics