Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

elasticsearch painless script 会覆盖原文档 #40

Closed
leveryd opened this issue Mar 29, 2023 · 1 comment
Closed

elasticsearch painless script 会覆盖原文档 #40

leveryd opened this issue Mar 29, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@leveryd
Copy link
Contributor

leveryd commented Mar 29, 2023
edited
Loading

背景

output {
  elasticsearch {
    ...
    script => "
      if(ctx.op == 'create') {
        ctx._source=params.event;
        ctx._source.first_create_time = params.event.get('@timestamp');
      } else {
        String old = ctx._source.get('first_create_time');
        ctx._source = params.event;
        ctx._source.last_update_time = params.event.get('@timestamp');
        ctx._source.first_create_time = old;
      }
    "
  }
}

ctx._source = params.event; 会把原文档内容都覆盖掉,包括 @Version 信息。port、subdomain等索引里生成的org、parsed-domain信息也会丢失。

这样在pipeline执行时,可能会影响性能,因为操作的记录数会变多。
@leveryd leveryd added the enhancement New feature or request label Mar 29, 2023
leveryd pushed a commit that referenced this issue Mar 31, 2023
fix: override source document
37dc582 
#40
@leveryd
Copy link
Contributor Author

leveryd commented Mar 31, 2023

怎么修复?

ctx._source = params.event;

改成

for (entry in params.event.entrySet()) {
  ctx._source[entry.getKey()] = entry.getValue()
}

@leveryd leveryd closed this as completed Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@leveryd