0

I am using the following code for partial update

POST /website/blog/1/_update
{
   "script" : "ctx._source.views+=1"
}

is there any alternative way I can achieve the same thing. because I don't want to change anything in groovy script because last time I changed the settings and my server was compromised.

So someone please help me with the solution or some security measures if there is no work around.

Improve this question

1 Answer 1

Reset to default
2

No, you cannot dynamically change a field value without using a script.

You can use file-based scripts though, which means that you can disable dynamic scripting (default in ES 1.4.3+) while still using scripting in a safe, trusted way.

config/
  elasticsearch.yml
  logging.yml
  scripts/
    your_custom_script.groovy

You could have the script store:

ctx._source.views += your_param

Once stored, you can then access the script by name, which bypasses dynamic scripting.

POST /website/blog/1/_update
{
  "script": "your_custom_script",
  "params" : {
    "your_param" : 1
  }
}

Depending on the version of Elasticsearch, the script parameter is better named (e.g., ES 2.0 uses "inline" for dynamic scripts), but this should get you off the ground.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.