Skip to content

Instantly share code, notes, and snippets.

@inqueue
Created February 9, 2017 18:55
Show Gist options
  • Save inqueue/5c8da25e5b0f08a6f5450b8bb2144a91 to your computer and use it in GitHub Desktop.
Save inqueue/5c8da25e5b0f08a6f5450b8bb2144a91 to your computer and use it in GitHub Desktop.
Elasticsearch: Update by query example to strip passwords
DELETE security-logs
POST security-logs/event/_bulk
{"index":{}}
{ "event": "login", "user": "aardvark", "password": "squishy"}
{"index":{}}
{ "event": "login", "user": "squishy", "password": "aardvark"}
{"index":{}}
{ "event": "access", "application": "nginx", "ip": "10.1.1.1"}
POST security-logs/_update_by_query
{
"script": {
"inline": "ctx._source.password=\"********\""
},
"query": {
"exists": { "field": "password"}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment