Update timestamp of logs already indexed into ES

Anwar_Ahmed_Sayed · August 18, 2019, 4:10pm

hi,
wondering a best approach to update timestamp of logs already indexed into ES.
the new value should be _timestamp = field1.value + field3.value.

@timestamp = August 18th 2019, 11:29:58.271
field1_time = August 17th 2019, 10:49:57.000
field2_value = 10 ->min

need to update @timestamp = field1_time + field2_value
ie; @timestamp = August 17th 2019, 10:49:57.000 + 10
@timestamp = August 17th 2019, 10:59:57.000

thanks in advance

wangqinghuan · August 18, 2019, 4:26pm

You can use Painless Script.

Anwar_Ahmed_Sayed · August 18, 2019, 5:56pm

thx for the reply. i am new to this. appreciate if you would shed more light on how to achieve this.

system · September 15, 2019, 5:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.