Accessing a Separate Index in a Scripted Field

stevenlocke · August 17, 2015, 1:43pm

Is it possible to create a scripted field which reads a value from indexA, performs a search in indexB, then takes that value and stores it back in indexA?

For example, I have an index filled with IP addresses and the companies who own them. In a separate index, I have an IP address and I need to know the company where this traffic is coming from. So ideally, I would read the address, search the other index for the company, then store the company alongside the original address.

Can this be performed at all, so far I've only seen accessing fields in a self-contained index?

Thanks.

warkolm · August 17, 2015, 10:49pm

This is basically a join and you cannot do it inside ES, you'd have to do it outside and then reindex the document.

If you are using the ELK stack then check out the translate filter.

stevenlocke · August 18, 2015, 5:13pm

Not using Logstash, unfortunately.

Any alternatives?

warkolm · August 18, 2015, 9:54pm

Then it's all DIY, externally to ES.

Topic		Replies	Views
Lookup [Scripted fields] Kibana	2	997	January 3, 2020
Scripted field from multiple indices Elasticsearch	4	4239	July 6, 2017
Create a field base on other docs results in the same index Kibana painless	2	345	April 29, 2020
Scripted field Elasticsearch	6	284	February 10, 2021
Accessing script field value from another script - is it possible? Elasticsearch	1	548	April 19, 2017

Accessing a Separate Index in a Scripted Field

Related topics