Combining rows into one in Kibana

Ashootosh_Bhardwaj · September 20, 2018, 1:02pm

Hi, I have different types of data coming from 3 different servers.
Server One gives me : ID, StartTime1, EndTime1
Server Two Gives me : ID StartTime2, EndTime2
Server Three gives me: ID, StartTime3, EndTime3

In Elastic Search I am sending data as Logs_Server1, Logs_Server2 and Logs_Server3 and I created Index Logs* which now has all the data.

I would like to know if there is a way to combine this data? So that I can see it like below in Kibana:

ID, StartTime1, StartTime2, StartTime3, EndTime1, EndTime2, EndTime3.

Everything in a single row for Single ID?

Regards,
Ashootosh

Ashootosh_Bhardwaj · September 21, 2018, 1:43am

I will really appreciate any help or direction to resolve this problem!

tsullivan · September 22, 2018, 3:31am

This looks kind of like what a left join would do in SQL, which Elasticsearch does not support. If ID is a shared key across multiple documents, what you could do is aggregate on all the IDs and get information like how much data exists per ID or some stats per ID, such as min start time or max end time.

system · October 20, 2018, 3:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.