根据Kibana / Elasticsearch中的条件更新文档中的字段
[英]Update field in a document based on the condition in Kibana/Elasticsearch
问题描述
I am trying to update particular field in document based on some condition. 
我正在尝试根据某些条件更新文档中的特定字段。 In general sql way, I want to do following. 在一般的sql方式中,我想执行以下操作。
Update index indexname
set name = "XXXXXX"
where source: file and name : "YYYYYY"
I am using below to update all the documents but I am not able to add any condition. 我在下面使用更新所有文档,但是我无法添加任何条件。
POST indexname/_update_by_query
{
"query": {
"term": {
"name": "XXXXX"
}
}
}
Here is the template, I am using: 这是我正在使用的模板:
{
"indexname": {
"mappings": {
"idxname123": {
"_all": {
"enabled": false
},
"properties": {
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"date1": {
"type": "date",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"source": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
Could someone guide me how to add condition to it as mentioned above for the source and name. 有人可以指导我如何如上所述为源和名称添加条件。
Thanks, Babu 谢谢,巴布
1 个解决方案
解决方案1
2 已采纳 2019-06-04 16:24:27
You can make use of the below query to what you are looking for. 您可以使用以下查询查找所需内容。 I'm assuming name and source are your fields in your index. 我假设name和source是您在索引中的字段。
POST <your_index_name>/_update_by_query
{
"script": {
"inline": "ctx._source.name = 'XXXXX'",
"lang": "painless"
},
"query": {
"bool": {
"must": [
{
"term": {
"name": {
"value": "YYYYY"
}
}
},
{
"term": {
"source": {
"value": "file"
}
}
}
]
}
}
}
You can probably make use of any of the Full Text Queries or Term Queries inside the Bool Query for either searching/updating/deletions. 您可能可以利用Bool查询中的任何全文查询或术语查询来进行搜索/更新/删除。
Do spend sometime in going through them. 一定要花一些时间来经历它们。
Note: Make use of Term Queries only if your field's datatype is keyword 注意:仅当您字段的数据类型为keyword时才使用Term Queries
Hope this helps! 希望这可以帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.