Hi one question.
I have to different indexes with an IP field:
src.ip
clientip
Is there a way to combine both with scripted field somehow so i can be able to search in both indexes using the same field name (without reindexing or using aliases)?
Thanks in advanced
Scripted fields only work on individual docs within an index. So they can't aggregate data over multiple docs or access data in other indices.
You can create an index pattern in Kibana which lists multiple indices (very similar to using an index alias).
But if the field names are different, you would have to define a field alias on one of the indices for a search to work on both.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.