Dashboard based on data from 2 indexes

shinobu · March 23, 2022, 8:07am

Hello,

I want to create a Dashboard with a table thats showing me every url that does not a specific value in another field.

So basically i have 2 indexes:

Alert index:

{
  "url": "sometemplateurl.com"
}

Lookup Index:
{
 "Lookedup-Url": "sometemplateurl.com",
 "Attributea": "test"
}

The resulting table should show all alert urls that do not have attributea with the value "test". I can't use directly the Lookuptable for that, because I need the difference of Alerts - Lookup.

Is there a way to achive this?
Hope you can help me out.

Best Regards.

jsanz · March 23, 2022, 3:21pm

Since Elasticsearch query joins are limited, I don't think you can achieve this directly in Kibana without a denormalization process. For this you could use the enrich processor to transfer fields from your look-up index into your alert index.

shinobu · April 1, 2022, 8:57am

Ok, thank you for your advice I will try it this way.

system · April 29, 2022, 8:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.