Update values based on previous documents

SKraine · February 7, 2022, 12:40am

Hey Everyone!

So I am very new to the elastic stack and am currently working on my first application using it. I have data that comes from different files via filebeat. They then go through logstash to parse out the fields of the document. The problem is that some messages have different data compared to each other. For example:

doc1
{
"latitute": 20
"longitude": 30
}

doc2
{
"level": "Error"
}

However, I want to visualize the data via Kibana using a map. and I need the data from Doc1 and Doc2. Is there a way to use a script to access the data from Doc1 to update Doc2? I would prefer not to create additional documents if that is possible. Thanks for the help!

Tomo_M · February 7, 2022, 1:08am

Hi,

Yes you can use aggregation filter plugin to aggregate some messages on specified rules.

SKraine · February 24, 2022, 4:34pm

Hey Tomo,
I decided to work in a different direction as I need to do some more analysis after the collection so I ended up using the python API to pull the data.
Thanks for the help!

system · March 24, 2022, 4:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Update ElasticSearch existing documents with new fields Logstash	2	762	May 8, 2019
Can we update the messages on the same document based on unique field Kibana	2	264	February 10, 2020
How to merge two document in logstash Logstash	2	1828	June 11, 2020
Update document in elasticsearch Elasticsearch	4	485	November 1, 2018
Logstash filter: updating nested document event by querying ES Logstash	1	381	March 22, 2017

Update values based on previous documents

Related topics