Continuously merging documents from multiple indexes

roll · July 29, 2021, 8:16am

Hi all,
I'm fairly new to elasticsearch and have a question regarding merging of documents and removing duplicates.
I got the following data structure:

topic1:
{
         "_id": “a12345",
          "userId" : "x123”,
	  “externalId”: “0987654",
          "firstName" : "first name",
          "lastName" : "last name",
          "birthDate" : -157770000000,
          "vipFlag" : "1",
          "email" : "user@domain.org",
          "mobile" : "+12345678",
          "zipCode" : "12345",
          "city" : "City name"
}

topic2:
{
         "_id": “b12345",
          "userId" : "x123”,
	  “externalId”: “0987654",
          "firstName" : "first name",
          "lastName" : "last name",
          "birthDate" : -157770000000,
          "email" : "user@domain.org",
          "mobile" : "+12345678",
          "zipCode" : "12345",
          "city" : "City name"
}

topic3:
{
         "_id": “c12345",
	  “externalId”: “0987654",
          "firstName" : "first name",
          "lastName" : "last name",
          "email" : "user@domain.org",
          "mobile" : "+12345678",
          "zipCode" : "12345",
}

topic4:
{
         "_id": “b12345",
          "userId" : "x123”,
          "firstName" : "first name",
          "lastName" : "last name",
          "birthDate" : -157770000000,
          "email" : "user@domain.org",
          "mobile" : "+12345678",
          "zipCode" : "12345",
          "city" : "City name"
 }

The information is pushed continuously into ES from the topics in kafka.
I’m considering using Kafka Elasticsearch Sink Connector to store the data in separate indexes per topic and merge the values based on the merging rules into a new index that will be used for querying.

Following values should be used for merging the documents from topics:

topic1 with topic2: userId
topic1 with topic4: userId
topic1_2_4 with topic3: externalId

As a result I’m expecting one topic with either parent-child relation or with merged fields (whatever is easier)

Is it doable in elasticsearch or should I write a an external kafka consumer + elasticsearch indexer application to merge and insert the data?
If it's doable in elasticsearch, what would be the right way to solve this?

Hendrik_Muhs · July 29, 2021, 9:25am

You can use a continuous transform for this, however you need 2, one that groups by userId and a 2nd one that merges the output of the 1st transform with topic3 by grouping on externalId.

However for a continuous transform all your source indexes require timestamp field, if you don't have one you might add one using an ingest timestamp. You also need this to connect transform 1 with transform 2.

For picking the right values for the output, e.g. email you can use a script via scripted_metric (spoiler: in a future release this will become easier). Have a look at the provided docs, in the sub sections you will find some painless examples, e.g. the one for top_hits.

roll · July 30, 2021, 10:50am

Thanks for your help @Hendrik_Muhs!

system · August 27, 2021, 10:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Merge Documents based on field value? Elasticsearch	2	6101	September 25, 2017
Merge Indices together Elasticsearch	4	484	January 23, 2017
Merge data fer two indices with foreign key Elasticsearch	4	1951	February 22, 2018
Merging search results by key Elasticsearch	5	441	April 12, 2018
Sending a all source document into one dest field Logstash	4	368	September 29, 2020

Continuously merging documents from multiple indexes

Related topics