Dashboard based on data from 2 indexes

shinobu · March 23, 2022, 8:07am

Hello,

I want to create a Dashboard with a table thats showing me every url that does not a specific value in another field.

So basically i have 2 indexes:

Alert index:

{
  "url": "sometemplateurl.com"
}

Lookup Index:
{
 "Lookedup-Url": "sometemplateurl.com",
 "Attributea": "test"
}

The resulting table should show all alert urls that do not have attributea with the value "test". I can't use directly the Lookuptable for that, because I need the difference of Alerts - Lookup.

Is there a way to achive this?
Hope you can help me out.

Best Regards.

jsanz · March 23, 2022, 3:21pm

Since Elasticsearch query joins are limited, I don't think you can achieve this directly in Kibana without a denormalization process. For this you could use the enrich processor to transfer fields from your look-up index into your alert index.

shinobu · April 1, 2022, 8:57am

Ok, thank you for your advice I will try it this way.

system · April 29, 2022, 8:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dashboards with non-uniform indexes in Kibana Kibana	1	196	June 29, 2021
How to create a kibana dashboard which could search through index relations? Kibana	9	671	October 27, 2022
How can I query Elasticsearch to join or correlate data between two indices that have different field names but contain the same values? Kibana elastic-stack-monitoring	2	90	July 4, 2024
Filtering documents with another index Kibana	2	831	June 1, 2022
Combine data from different index in kibana Elasticsearch	3	273	April 12, 2022

Dashboard based on data from 2 indexes

Related Topics