Correlate data and metadata

I have log files, each representing the output of a test.
Each log file contains 5000-10000 lines, and is accompanied by another file which contains metadata about the test, e.g. OS version, Platform, etc. (about 10 fields of metadata). This metadata applies to all lines of a certain log.

I want to ingest each line of the log into Elastic as a document. I will also use the metadata fields in queries, not only the log fields.

My question is: what is the recommended way to do this with Elastic? Should I add the metadata fields to each document (log line), or should I store the metadata in a different index and use some Elastic equivalent of a join in order to correlate it with the log's documents?

