Hi,
I have a situation where many requests and responses are sent over Logstash and I have to correlate each pair request/response.
I don't know when neither wheather the response is coming, but when and if it comes I'm able to correlate them with an ID which I can use as a Join field.
My question is:
Is the Elasticsearch join datatype the best way to do this?
But the doc says:
The only case where the join field makes sense is if your data contains a one-to-many relationship where one entity significantly outnumbers the other entity.
Which is not my case because I going to have millions of one-to-zero_or_one relationship.
If not, is there better ways?
Thanks,