Hello,
Sorry if my question is a bit easy, but I didn't find any way to do this request, and I am getting to wonder if it's really possible ...
PUT /test-index
PUT /test-index/user/1
{
"name": "John",
"connID": "44"
}
PUT /test-index/connection/1
{
"connID": "44",
"ip_source": "8.8.8.8"
}
I would like to write a request to return:
This little test is actually to correlate real data log from python app and firewalls logs.
Thank you for you help.
Joins are not supported in elasticsearch unless you are using parent/child feature.
A better approach is to create a flat document containing all that info.
Thank you David for you reply.
Do you know if joins are not supported by conception/design, or if it is plan to implement this feature in future ?
Does this means there is no way to do logs correlation on the fly (I mean post-indexation) with ELK ?
(I push logs from filebeat directly to ES)
Thank you.
By design. You can see a whole discussion here:
If you want to do something like this without pre-processing your data or without paren/child feature, you can have a look at the Graph feature available in X-Pack (commercial licence).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.