Along the lines of what I posted here, I would suggest a similar solution, i.e. use the http output plugin to issue an update-by-query call to the Employee index. The query would look like this:

    POST employees/_update_by_query
    {
      "script": {
        "source": "ctx._source.company.name = params.name",
        "lang": "painless",
        "params": {
          "name": "Company NEW"
        }
      },
      "query": {
        "term": {
          "company.cmp_id": "1"
        }
      }
    }

So your Logstash config should look like this:

    input {
      ...
    }
    filter {
      mutate {
        # Build the update-by-query body from the event's fields
        add_field => {
          "[script][lang]" => "painless"
          "[script][source]" => "ctx._source.company.name = params.name"
          "[script][params][name]" => "%{new.name}"
          "[query][term][company.cmp_id]" => "%{cmp_id}"
        }
        # Drop everything else so that only the request body remains in the event
        remove_field => ["host", "@version", "@timestamp", "type", "cmp_id", "old.name", "new.name"]
      }
    }
    output {
      http {
        url => "http://localhost:9200/employees/_update_by_query"
        http_method => "post"
        format => "json"
      }
    }
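The following Python sketch is an added example, not part of the original answer and not Logstash code. It models what the mutate filter above does to one event so the JSON body that the http output posts can be inspected, including the fact that the event's value travels in script.params and never becomes part of the Painless source. The sample event values and the helper names (sprintf, set_nested, build_body) are assumptions made for illustration.

```python
import json
import re

# Constructed sample event, as it might arrive from the (elided) input stage.
SAMPLE_EVENT = {
    "host": "db-host", "@version": "1", "@timestamp": "2024-01-01T00:00:00Z",
    "type": "company", "cmp_id": "1",
    "old.name": "Company OLD", "new.name": "Company NEW",
}

# Same settings as the mutate filter in the answer.
ADD_FIELD = {
    "[script][lang]": "painless",
    "[script][source]": "ctx._source.company.name = params.name",
    "[script][params][name]": "%{new.name}",
    "[query][term][company.cmp_id]": "%{cmp_id}",
}
REMOVE_FIELD = ["host", "@version", "@timestamp", "type", "cmp_id", "old.name", "new.name"]


def sprintf(template, event):
    """Expand %{field} references; an unknown field is left as written."""
    return re.sub(r"%\{([^}]+)\}",
                  lambda m: str(event.get(m.group(1), m.group(0))), template)


def set_nested(event, ref, value):
    """Store value at a Logstash-style [a][b][c] field reference."""
    path = re.findall(r"\[([^\]]+)\]", ref)
    node = event
    for key in path[:-1]:
        node = node.setdefault(key, {})
    node[path[-1]] = value


def build_body(event):
    """Model the filter: add_field is applied first, then remove_field."""
    out = dict(event)
    for ref, template in ADD_FIELD.items():
        set_nested(out, ref, sprintf(template, event))
    for name in REMOVE_FIELD:
        out.pop(name, None)
    return out


if __name__ == "__main__":
    print(json.dumps(build_body(SAMPLE_EVENT), indent=2))
    # Constructed value with quotes and semicolons: it stays data in params.
    odd = dict(SAMPLE_EVENT, **{"new.name": "O'Brien \"Holdings\"; Ltd"})
    print(json.dumps(build_body(odd)["script"], indent=2))
```
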


