我有一个Elasticsearch索引,其中某些记录的@timestamp为2月1日。_source中还有一个名为process_time的字段,对于具有相同{{ 1}}。
@timestamp我想在2月1日将所有具有{
"_index": "elasticsearch-index",
"_type": "doc",
"_id": "qByop2gBw60PM5VYP0aG",
"_score": 1,
"_source": {
"task": "INFO",
"@timestamp": "2019-02-01T06:04:08.365Z",
"num_of_batches": 0,
"batch_size": 1000,
"process_time": "2019-02-04 06:04:04,489"
}
},
{
"_index": "elasticsearch-index",
"_type": "doc",
"_id": "qByop2gBw60PM5VYP0aG",
"_score": 1,
"_source": {
"task": "INFO",
"@timestamp": "2019-02-01T06:04:08.365Z",
"num_of_batches": 0,
"batch_size": 1000,
"process_time": "2019-02-05 06:04:04,489"
}
}
的记录中的@timestamp更新为该记录中的@timestamp。
我该怎么做?
编辑:
在@mysterion的回答之后,我做了如下更改:
process_time但是我遇到了以下异常:
{
"script": {
"source": """ctx._source['@timestamp'] = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").parse(ctx._source.process_time.replaceAll(",","."))""",
"lang": "painless"
},
"query": {
"term": {
"@timestamp": "2019-02-01"
}
}
}
答案 0 :(得分:0)
您可以利用Update by Query API 在Elasticsearch中更新所需的文档。
POST index_name/_update_by_query?conflicts=proceed
{
“script”: {
“source”: “ctx._source[‘@timestamp’] = new SimpleDateFormat(‘yyyy-MM-dd HH:mm:ss,SSS’).parse(ctx._source.process_time)”,
“lang”: “painless”
},
“query”: {
“term”: {
“@timestamp”: “2019-01-01T00:00:00Z”
}
}
}
您正在使用replaceAll方法,但实际上它不是普通的Java String方法。是
String replaceAll(Pattern, Function)
有关无痛API参考的更多信息-https://www.elastic.co/guide/en/elasticsearch/painless/current/painless-api-reference.html