Can Kibana compare logs from different areas and find the missing ones?

I want to continuously send some logs into an Elastic index.
When my program starts, logs will be sent into index1.
Finally, some logs may be lost and the other logs will be sent into index2.

Can Kibana compare 2 indexes and find the missing logs automatically?

Hi, this is a duplicated post with this.

As I said, you need to compare each document with the aggregated result on your client side.

As Elasticsearch is a distributed system, any supported query or aggregation is performed on each shard individually. The data flows one-way from each data node (containing shards) to the coordinating node. There is no supported query or aggregation which will distribute once-aggregated results to each node again. This is also the reason why Elasticsearch does not support a JOIN function in the general sense.

You might get convinced by searching something like "sub-query elasticsearch".
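The client-side comparison described in the answer above, as an added example that is not part of the original thread. It assumes every log carries a unique `log_id` field (a hypothetical name) and that the client pages through each index sorted ascending by that field; the sample pages are constructed, so the code runs without a cluster.

```python
from typing import Dict, Iterable, Iterator, List

# Constructed sample pages, shaped like paginated search results sorted by log_id.
INDEX1_PAGES = [
    [{"log_id": "0001"}, {"log_id": "0002"}],
    [{"log_id": "0003"}, {"log_id": "0004"}, {"log_id": "0005"}],
]
INDEX2_PAGES = [
    [{"log_id": "0001"}, {"log_id": "0003"}],
    [{"log_id": "0003"}, {"log_id": "0004"}],  # 0003 was delivered twice
]


def sorted_ids(pages: Iterable[List[Dict]], key: str = "log_id") -> Iterator[str]:
    """Flatten pages into one ascending id stream, dropping adjacent duplicates."""
    last = None
    for page in pages:
        for doc in page:
            value = doc[key]
            if last is not None and value < last:
                raise ValueError(f"pages must be sorted ascending by {key}")
            if value != last:
                yield value
            last = value


def missing_ids(source_pages, target_pages, key: str = "log_id") -> List[str]:
    """Ids present in the source index but absent from the target index.

    Both streams are walked once in sort order (a merge join done by the
    client), so memory use does not grow with the size of either index.
    """
    missing = []
    target = sorted_ids(target_pages, key)
    current = next(target, None)
    for sid in sorted_ids(source_pages, key):
        # Advance the target stream until it reaches or passes the source id.
        while current is not None and current < sid:
            current = next(target, None)
        if current != sid:
            missing.append(sid)
    return missing


if __name__ == "__main__":
    print("missing from index2:", missing_ids(INDEX1_PAGES, INDEX2_PAGES))
```
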

Thank you. I know the reason now :grinning:
