I have log-data from various sources that have been pre-indexed into "master indices". I'd like to re-use that data by copying/re-indexing it into new indices but with parts of the timestamp updated - year, month, day to be specific - we need the time part to remain equal - only the year/month/day should be updated to the current (re-indexing) date. Can this be accomplished using Painless and/or a re-indexing pipeline?
I've tried (so far) something along the lines of this (incomplete). I'm far from a Painless guru so please bear with me:
POST _reindex
{
  "source": {
    "index": "packetbeat-*"
  },
  "dest": {
    "index": "<new index>"
  },
  "script": {
    "lang": "painless",
    "source": "def sf = new SimpleDateFormat(\"yyyy-MM-dd'T'HH:mm:ss\"); def dt = sf.parse(ctx._source['@timestamp']); def calendar = sf.getCalendar(); calendar.setTime(dt); def instant = calendar.toInstant(); def localDateTime = LocalDateTime.ofInstant(instant, ZoneOffset.UTC); ctx._source['@timestamp'] = localDateTime.plusDays(...);"
  }
}
The "magic" needs to happen at the end of the painless script. I need all timestamps to be calculated relative to today's date. Assuming today's date is 2024-01-23:
2023-12-09 09:53:12 -> 2024-01-22 09:53:12
2023-12-08 12:53:12 -> 2024-01-23 12:53:12
and so forth.