I am reading cloudfront logs using logstash and storing the data into elasticsearch, the process works fines and stores all the required fields, so far I have 11M records in cluster. Now for the statistics purposes I feel it would have been better and easy if I had stored day name, day number and time of the day from the very beginning. Can I now update the current data and have these fields ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.