Update timestamp of logs already indexed into ES

Anwar_Ahmed_Sayed · August 18, 2019, 4:10pm

hi,
wondering a best approach to update timestamp of logs already indexed into ES.
the new value should be _timestamp = field1.value + field3.value.

@timestamp = August 18th 2019, 11:29:58.271
field1_time = August 17th 2019, 10:49:57.000
field2_value = 10 ->min

need to update @timestamp = field1_time + field2_value
ie; @timestamp = August 17th 2019, 10:49:57.000 + 10
@timestamp = August 17th 2019, 10:59:57.000

thanks in advance

wangqinghuan · August 18, 2019, 4:26pm

You can use Painless Script.

Anwar_Ahmed_Sayed · August 18, 2019, 5:56pm

thx for the reply. i am new to this. appreciate if you would shed more light on how to achieve this.

Topic		Replies	Views
Updating DATE type filed Elasticsearch	2	347	July 6, 2017
Timestamp update Elasticsearch	3	1285	February 22, 2021
Update by query date field (painless) and add hours Elasticsearch painless	4	1493	November 16, 2020
Update "timestamp" field by query (subtract time from the original field and reindex) Elasticsearch	5	2053	June 28, 2018
Updating dateparts of timestamp using query update and/or reindex/pipeline Elasticsearch painless	2	228	February 20, 2024

Update timestamp of logs already indexed into ES

Related topics