Created
February 9, 2017 18:55
-
-
Save inqueue/5c8da25e5b0f08a6f5450b8bb2144a91 to your computer and use it in GitHub Desktop.
Elasticsearch: Update by query example to strip passwords
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DELETE security-logs | |
POST security-logs/event/_bulk | |
{"index":{}} | |
{ "event": "login", "user": "aardvark", "password": "squishy"} | |
{"index":{}} | |
{ "event": "login", "user": "squishy", "password": "aardvark"} | |
{"index":{}} | |
{ "event": "access", "application": "nginx", "ip": "10.1.1.1"} | |
POST security-logs/_update_by_query | |
{ | |
"script": { | |
"inline": "ctx._source.password=\"********\"" | |
}, | |
"query": { | |
"exists": { "field": "password"} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment