Trying to update a nested geoip location field in elasticsearch

Question

Here is what I've tried:

POST orders/_update_by_query
{
    "script" : "ctx._source.geoip += newElement",
    "params": {
        "newElement": {
           "location" : "[40.730610, -73.935242]"
        }
    },
  "query": {
    "term": {
      "CITY": {
        "value": "nyc"
      }
    }
  }
}

The above throws error Unknown key for a START_OBJECT in [params].

Second Attempt:

POST orders/_update_by_query
{
  "script":{
    "source":
      "for (item in ctx._source.geoip){item.location = '[40.730610, -73.935242]'}",
      "lang":"painless"
  },
  "query": {
    "term": {
      "CITY": {
        "value": "nyc"
      }
    }
  }
}

The above throws null pointer exception, and points to the period at source.geoip

I also tried changing the value of location to just test but receive the same errors.

Here is my mapping:

{
  "orders" : {
    "mappings" : {
      "properties" : {
        "geoip" : {
          "dynamic" : "true",
          "properties" : {
            "location" : {
              "type" : "geo_point"
            }
          }
        }
     }
}

I am using ES v7.2 and Kibana v7.2

Answer 1

A couple of issues in the 1st approach:

• params need to be defined within the script object, not below it
• newElement needs to be accessed using params.newElement
• you cannot append += params.newElement to a nonexistent ctx._source.geoip
• you cannot append an object to a single-value field -- you can just assign it
• location is of the geo_point type, so either [40.730610, -73.935242] ([lon, lat]) or "-73.935242,40.730610" ("lat,lon"), but not a mixture of both

Working command:

POST orders/_update_by_query
{
  "script": {
    "inline": "ctx._source.geoip = params.newElement",
    "params": {
      "newElement": {
        "location": [
          40.73061,
          -73.935242
        ]
      }
    }
  },
  "query": {
    "term": {
      "CITY": {
        "value": "nyc"
      }
    }
  }
}