Is there a way to have field level audit in elastic search?
I have an index with say 10 fields. These fields may get modified from time to time. Is there a way to add any field level timestamp, which can store the timestamp when it was last updated and also can be retrieved by api?
Thanks in advance.
Solution
field level last update time audit
#push a sample doc
PUT my_index/_doc/1
{
"created_at": "2025-02-24T13:00:00Z",
"email": "john@example.com",
"name": "dogan",
"field_update_timestamps": {
"email": "2025-02-24T13:00:00Z",
"name": "2025-02-24T13:00:00Z"
}
}
#update the doc with `_update` API call
POST my_index/_update/1
{
"script": {
"source": """
if (!ctx._source.containsKey('field_update_timestamps')) {ctx._source.field_update_timestamps = [:]; }
for (entry in params.entrySet()) {
ctx._source[entry.key] = entry.value; ctx._source.field_update_timestamps[entry.key] =
new java.text.SimpleDateFormat('yyyy-MM-dd\'T\'HH:mm:ss\'Z\'').format(new java.util.Date());
}
""",
"lang": "painless",
"params": {
"name": "musab"
}
}
}
#check the result.
GET my_index/_search
You can check if the field updated by comparing
created_atfield andfield_update_timestamps.<fieldname>.
- How to insert data into elasticsearch
- ModuleNotFoundError: No module named 'haystack.document_store.elasticsearch'; 'haystack.document_store' is not a package
- Difference between using Filebeat and Logstash to push log file to Elasticsearch
- The difference between XPOST and XPUT
- pelias: error: elasticsearch not alive and version < 7.4.2 . But it seems alive and its version is 7.17.27
- NEST - Index individual fields
- Unable to start Elastic Search 8 and Kibana using Docker
- Bad Request when connecting to Elasticsearch from ElasticsearchSinkConnector
- Elasticsearch 7 The [standard] token filter has been removed
- How to Get All Results from Elasticsearch in Python
- How to use the Scroll API with the ReactiveElasticsearchClient
- ElasticSearch service failing to start. Cannot find JVM
- PostgreSQL(Full Text Search) vs ElasticSearch
- How to avoid N+1 when reindexing models with Searchkick
- Elasticsearch highlight matches in HTML without breaking syntax
- JanusGraph index stuck in "INSTALLED" state after running REGISTER_INDEX command
- Phonetic search implementation
- ElasticSearch: Unassigned Shards, how to fix?
- deleting all documents with out dropping index in elasticsearch java API
- Elasticsearch nested field not exist query in DSL python
- Joining two indexes in Elastic Search like a table join
- How to 'join' two indexes in ElasticSearch
- Dokku: How to change the version of Elasticsearch in plugin
- default username in Elastic cloud (kibana) and how to find a password
- .NET elasticsearch testcontainer tests fail in run mode, but succeed in debug mode
- elasticsearch bool query combine must with OR
- Why is TieredMergePolicy is better than others?
- How to include the logs from the discover page on a Kibana dashboard
- RestHighLevelClient v/s ElasticsearchClient Java client in Elasticsearch 8.x to search
- Elasticsearch change type existing fields