Hi All,
I'm not sure if this is possible or advised with ElasticSearch but thought it would be a good place to start.
What I'm working on is I have multiple systems that contain information of computers on my network (Antivirus, Active Directory, etc)
I want to compare the record of each of these systems and be able to find any gaps within the system coverage, so if a computer is in Active Directory but not in antivirus I can investigate the reason why. I'd like to be able to visualise this as well so I can quickly see what systems a computer is missing from.
My first thought was to maybe have an ES Index per system and then somehow link the records on these systems, but after reading further maybe this isn't the best approach.
Perhaps a better approach is a single index with a document per computer and then have a property of the document that identifies what systems it was found in.
{
"source": [ "ad", "antivirus", "config_mgmt", "pkg_mgmt" ]
}
Interested to hear any thoughts on this.
Thanks.