We are using Elastic Stack 5.5.1 (Logstash, Elasticsearch & Kibana). We have our WebLogic HTTP access logs processed by Logstash into Elasticsearch, with a little enriching of the file by adding our offices in other states by internal IP range.
I need some help in updating a field. We have been processing the logs for over 3 months and we have quite a few entries that need to be updated. During the enriching process we look at the IP range and tag the entry with our office; since then we have gained more information about the range and now we want to go back and update some of those entries.
ex. if IP like 100.101.X.X then Office = 'NewYork' else if .... else Office = 'Not Defined'
Please help me on how to achieve this using Kibana Dev tools.
You can use the update by query API in combination with a script to do this (check the examples in the docs and of course don't test this on your live data first when writing the script).
Thank you for your quick response. I am still learning the tool and please bear with me. The Update API is great but all the examples that I have seen are showing how to increment a number but in my case I want to change the string value from "Not Defined" to "New York".
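Added example (not from either poster): an update by query request for the Kibana Dev Tools console that rewrites the string value, as asked above. It assumes the index pattern `weblogic-access-*`, a keyword field `client_ip` holding the client address, and the enriched field `office`; only documents still tagged "Not Defined" are touched, and the Painless script marks anything outside the listed range as a no-op so it is not needlessly re-indexed.

```console
# Step 1 (preview): count the documents the update below would touch.
# Nothing is modified here; compare the number with what you expect
# before running step 2. Index pattern and field names are assumptions.
GET weblogic-access-*/_count
{
  "query": {
    "match_phrase": { "office": "Not Defined" }
  }
}

# Step 2: rewrite the field in place. conflicts=proceed keeps the job
# running if Logstash indexes into the same documents meanwhile; the
# script is the if/else chain from the question, with one range shown.
# Elasticsearch 5.5 uses "inline" for the script body ("source" is 5.6+).
POST weblogic-access-*/_update_by_query?conflicts=proceed
{
  "query": {
    "match_phrase": { "office": "Not Defined" }
  },
  "script": {
    "lang": "painless",
    "inline": "if (ctx._source.client_ip != null && ctx._source.client_ip.startsWith(params.prefix)) { ctx._source.office = params.office; } else { ctx.op = 'noop'; }",
    "params": {
      "prefix": "100.101.",
      "office": "New York"
    }
  }
}
```

Further ranges go in as additional `else if` branches of the same script, or as one request per office with different `params`; re-run the `_count` afterwards to confirm that no "Not Defined" documents in the known ranges remain.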