Hi @spinscale
please guide me.. please guide me to the following problem,
I have two different index and i want to compare two fields value and get result which exist in different index
for example :-
Index 1: threatintel
fields :- 1. indicator_ip
2. message
3. userid
Index 2: checkpoint
fields:- 1. srcip
2. dstip
Need query : Give source IP, message and timestamp
where threatintel.indicator_ip = (checkpoint.srcip or checkpoint.dstip)
please help me to achieve it.
I don't think this is possible in ES. You are trying to implement a sql like join which is not possible in ES. Two ways you can achieve this is:
1- At index time create a combined document
2- Do the join in your application
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.