What is the best way to handle document associations in Elasticsearch?
For example, to associate TCP packets in a stream together.
Is it possible to query ES for, for example, SYN packets that don't have an "associated" SYN-ACK packet, and finally to get the count of such packets...
New to ES so any help is appreciated.
EDIT: Perhaps using an aggregator function in logstash to group the packets into a stream??
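Added example, not part of the original post: a Python stand-in for the aggregate step the EDIT proposes. Packets are grouped by a direction-independent 4-tuple key (an assumed stream key), reduced to one stream document carrying `syn_ts` / `synack_ts`, and an Elasticsearch bool query is built that selects streams whose SYN was never answered (the same shape works against `_count`). The packet records and field names are constructed for the example.

```python
"""Correlate TCP SYN / SYN-ACK packets into per-stream documents.

Models what a Logstash aggregate step would do before indexing: one
document per stream, so "SYN without SYN-ACK" becomes a simple field test
in Elasticsearch instead of a cross-document join. Sample data is constructed.
"""

# Constructed sample packets; flag names are illustrative, not a real capture.
PACKETS = [
    {"ts": 1.0, "src": "10.0.0.5", "dst": "10.0.0.9", "sport": 40001, "dport": 22, "flags": "SYN"},
    {"ts": 1.1, "src": "10.0.0.9", "dst": "10.0.0.5", "sport": 22, "dport": 40001, "flags": "SYN-ACK"},
    {"ts": 2.0, "src": "10.0.0.5", "dst": "10.0.0.9", "sport": 40002, "dport": 443, "flags": "SYN"},
    {"ts": 3.0, "src": "10.0.0.5", "dst": "10.0.0.9", "sport": 40003, "dport": 8080, "flags": "SYN"},
    {"ts": 3.5, "src": "10.0.0.9", "dst": "10.0.0.5", "sport": 8080, "dport": 40003, "flags": "SYN-ACK"},
]


def stream_key(p):
    """Assumed stream key: sorted endpoint pairs, so a SYN and its SYN-ACK match."""
    a = (p["src"], p["sport"])
    b = (p["dst"], p["dport"])
    return tuple(sorted([a, b]))


def aggregate_streams(packets):
    """Reduce packets to one document per stream (the aggregate-filter role)."""
    streams = {}
    for p in sorted(packets, key=lambda x: x["ts"]):
        doc = streams.setdefault(stream_key(p), {"syn_ts": None, "synack_ts": None})
        if p["flags"] == "SYN" and doc["syn_ts"] is None:
            doc.update(syn_ts=p["ts"], client=p["src"], server=p["dst"], dport=p["dport"])
        elif p["flags"] == "SYN-ACK":
            doc["synack_ts"] = p["ts"]
    return list(streams.values())


def unanswered_syn_query():
    """Query DSL for streams with a SYN but no SYN-ACK; usable with _search or _count."""
    return {"query": {"bool": {
        "filter": [{"exists": {"field": "syn_ts"}}],
        "must_not": [{"exists": {"field": "synack_ts"}}],
    }}}


def unanswered_syns(streams):
    """Client-side evaluation of the same predicate, handy for checking the index."""
    return [s for s in streams if s["syn_ts"] is not None and s["synack_ts"] is None]
```

Indexing the stream documents (rather than raw packets) is what makes the count a one-shot `_count` request with the query above; a half-open stream count that climbs quickly is a useful signal for scan or SYN-flood detection.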