Can we join two index fields in one index

vinay_garg · August 29, 2017, 4:24am

Hi All,

Environment:
ELK 5.5

We are having two index of different logs (haproxy-index and fuselog-index).
Both index having different grok pattern.
but in haproxy grok pattern having three fields
'col1-ID':1
'col2-Name':'Testing'
'col3-Service':'Test'

FuseLog grok pattern
'col1-ID':1
'col2-Date':'2017-08-17'
'col3-IP':'0.0.0.0'

But grok pattern having same col1-ID field.
Is it possible to join fields of two index in one index? as mention in below example
'col1-ID':1
'col2-Name':'Testing'
'col3-IP':'0.0.0.0'

warkolm · August 29, 2017, 8:01am

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out

No it is not, it's not possible to joins in Elasticsearch at all.

vinay_garg · August 29, 2017, 8:03am

So can you give any other idea to solve it?

warkolm · August 29, 2017, 8:03am

What is the problem you are trying to solve?

vinay_garg · August 29, 2017, 9:14am

I have to monitor 200,500,502,504 response code from haproxy log. Based on i have to define fuse log pattern. So that i can easily rectify where the 200,500,502,504 response occur.
I hope it is clear.

warkolm · August 29, 2017, 9:17am

That can be handled by grok.

vinay_garg · August 30, 2017, 2:05am

Thanks for share you input.

system · September 27, 2017, 2:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.