Can we join two index fields in one index

vinay_garg · August 29, 2017, 4:24am

Hi All,

Environment:
ELK 5.5

We are having two index of different logs (haproxy-index and fuselog-index).
Both index having different grok pattern.
but in haproxy grok pattern having three fields
'col1-ID':1
'col2-Name':'Testing'
'col3-Service':'Test'

FuseLog grok pattern
'col1-ID':1
'col2-Date':'2017-08-17'
'col3-IP':'0.0.0.0'

But grok pattern having same col1-ID field.
Is it possible to join fields of two index in one index? as mention in below example
'col1-ID':1
'col2-Name':'Testing'
'col3-IP':'0.0.0.0'

warkolm · August 29, 2017, 8:01am

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out

No it is not, it's not possible to joins in Elasticsearch at all.

vinay_garg · August 29, 2017, 8:03am

So can you give any other idea to solve it?

warkolm · August 29, 2017, 8:03am

What is the problem you are trying to solve?

vinay_garg · August 29, 2017, 9:14am

I have to monitor 200,500,502,504 response code from haproxy log. Based on i have to define fuse log pattern. So that i can easily rectify where the 200,500,502,504 response occur.
I hope it is clear.

warkolm · August 29, 2017, 9:17am

That can be handled by grok.

vinay_garg · August 30, 2017, 2:05am

Thanks for share you input.

Topic		Replies	Views
Multiple indices with different fields Elasticsearch	2	374	August 22, 2018
Merging 2 log lines into 1 Elasticsearch	6	501	June 8, 2022
Can you join indexes with different fields using an index pattern? Elasticsearch	4	3171	August 14, 2019
Querying in Elasticsearch Elasticsearch	4	354	May 23, 2018
Getting data from two index Elasticsearch	2	430	April 4, 2018

Can we join two index fields in one index

Related topics