I have a document with some children inside, something like:
parent : {
"id" : 1,
"name" : "test",
"children" : [
{ "idchild" : 1, "name" : "c1"},
{...}
]
}
I want to add the children to the already existent parents.
I have a logstash file to read all the parents. It's write the document in elasticsearch and create an empty array :
input {
jdbc {
jdbc_connection_string => "jdbc:postgresql://localhost:5432/test"
...
}
}
filter { ruby { code => "event.set('children',[]);" } }
output {
elasticsearch {
index => "test"
user => "elastic"
password => "elastic"
document_type => "parent"
document_id => "%{id}"
hosts => "localhost:9200"
}
}
It works fine, the documents are as expected.
In the second step i read the children, match document by parent id and update with child...
filter {
mutate {
add_field => {
"[children][child][idchild]" => "%{id}"
"[children][child][name]" => "%{name}"
}
}
}
but the array children became a property and the object "child" is updated each time instead of new insert.
How can i put new child inside children? There is a way to declare idchild as id of the sub-document ?