Hi, I have a problem with building a log search query.
Let's say I have logs with mandatory fields "name" and "car", and an optional field "color". Suppose that car of the same brand can not be of different colors. For example, if at least one person has a Porsche of white color, hence all Porsche owners have a white color.
I want to find all the logs for a particular color. I will remind you that some logs do not have a "color" field, but you can determine the color by finding another log with the same brand of car.
How should I build a log search query ?.
Example:
{"name":"Jhon" , "car":"Porsche", "color": "red"}
{"name":"Bob" , "car":"Ferrari", "color": "red"}
{"name":"William" , "car":"Ferrari"}
{"name":"Konstantin" , "car":"Porsche"}
{"name":"Carl" , "car":"BMW", "color": "white"}
When searching for a red color I should get
{"name":"Jhon" , "car":"Porsche", "color": "red"}
{"name":"Bob" , "car":"Ferrari", "color": "red"}
{"name":"William" , "car":"Ferrari"}
{"name":"Konstantin" , "car":"Porsche"}
p.s. sorry for my english
You are pretty much looking at a join with this, which you cannot do in ES.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.