
I am working on generating logs and then from those logs generating an index. I have generated an index from the logs but now I need to modify a field of all the documents having that field.

Technically, there is a field in my document named status which tells the status of the transaction. In my Logstash configuration file I have given a status "Transaction posted on POS", but now I want to change that to "Transaction completed on POS".

It's more like a find-and-replace query. Any idea how I can achieve this using a DSL query?

  • I don't know about Logstash, but in Graylog 2 you can simply search for anything, including statuses, without config changes. Commented Dec 5, 2017 at 6:02
  • Thanks for the suggestion. But I need a solution for Elasticsearch. Commented Dec 5, 2017 at 6:03

1 Answer

This sounds like something you could do with the update by query API.

You call that API with an Elasticsearch query to pick which documents to update (which can simply be a match-all if you want to update all documents) and a Painless script that actually changes the data in those documents.
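The request the answer describes, as an added example that is not part of the original answer: it builds the `_update_by_query` body for the status change in the question and prepares the POST without sending it. The host `http://localhost:9200`, the index name `transactions` and the `"source"` script key (older 5.x releases use `"inline"`) are assumptions.

```python
import json
import urllib.request

# Painless script: values arrive via params, never by string concatenation,
# so the script text stays constant and a value cannot inject script code.
SCRIPT = (
    "if (ctx._source[params.field] == params.old_value) {"
    " ctx._source[params.field] = params.new_value;"
    " } else { ctx.op = 'noop'; }"
)


def build_body(field, old_value, new_value):
    """JSON body for _update_by_query: the query selects, the script rewrites."""
    return {
        # match_phrase narrows the candidates on an analyzed text field;
        # the script then does the exact comparison and skips near-matches.
        "query": {"match_phrase": {field: old_value}},
        "script": {
            "lang": "painless",
            "source": SCRIPT,
            "params": {"field": field, "old_value": old_value, "new_value": new_value},
        },
    }


def build_request(base_url, index, body):
    """Prepare (not send) the POST; conflicts=proceed counts version conflicts instead of aborting."""
    url = f"{base_url.rstrip('/')}/{index}/_update_by_query?conflicts=proceed"
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


if __name__ == "__main__":
    body = build_body("status", "Transaction posted on POS", "Transaction completed on POS")
    req = build_request("http://localhost:9200", "transactions", body)  # assumed host and index
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
    # To apply: urllib.request.urlopen(req), then check "updated", "noops"
    # and "failures" in the JSON response.
```

This rewrites only documents that are already indexed; the status string in the Logstash configuration still has to be changed for new events.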
