Open
Description
Description
If any field is renamed in any integration package in newer versions, current users who are using older versions of the integration package might be using older fields in various assets.
During an upgrade to the newer version where the field is renamed, you have to consider replacing the old field with the new field where it is being used. By using the Update By Query API, the old field can be renamed to the new field for the already ingested documents.
The following steps must be performed to rename the field from ingested documents by using an Update By Query API.
- Create a rename processor by performing the following steps in the Dev Tools.
PUT _ingest/pipeline/rename
{
"description" : "Rename <old_field>' to '<new_field>' field",
"processors" : [ {
"rename": {
"field": "<old_field>",
"target_field": "<new_field>",
"ignore_missing": true
}
} ]
}
- For example:
PUT _ingest/pipeline/rename
{
"description" : "Rename 'apache_tomcat.access.header_forwarder' to 'client.ip' field",
"processors" : [ {
"rename": {
"field": "apache_tomcat.access.header_forwarder",
"target_field": "client.ip",
"ignore_missing": true
}
} ]
}
- Apply the created pipeline to all the existing documents under the index.
POST logs-<data_stream-name>/_update_by_query?conflicts=proceed&pipeline=rename
- For example:
POST logs-apache_tomcat.access-default/_update_by_query?conflicts=proceed&pipeline=rename