I have two indexes: one index contains the list of malicious domains (index: malicious index) and the other index has the logs from my DNS server (index name: DNSindex). I need to compare whether the field (domainname) in DNSindex has the malicious domain.
I'd love to know what other people say, but from my experience this is not possible with Elasticsearch by itself. A little Python to loop through one index and search the other, or a Logstash job that uses one index from Elasticsearch as input and then runs a query in the filter, would be the two things I would recommend.
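The "a little Python" approach from the answer above, as an added example that is not part of the original thread. It assumes the DNS index is called `dnsindex` with the query name in `domainname`, the blocklist index is called `maliciousindex` with the entry in a keyword field `domain` (the field name is an assumption; the question does not give it), and that both are keyword-mapped so a `terms` query is an exact match. The lookup is written against a plain `search(index, body)` callable so it runs offline with the constructed in-memory fake at the bottom; with elasticsearch-py you would pass `lambda index, body: es.search(index=index, body=body)` and replace the single bounded `match_all` with `elasticsearch.helpers.scan` for a full-size DNS index. It goes a little beyond the question: each DNS name is expanded to its parent domains so a blocklisted `evil.example.com` also catches `www.evil.example.com` without wildcard queries, and the sample data includes an un-normalized blocklist entry to show why both sides must be normalized before they are compared.

```python
"""Added example (not from the original forum thread): match DNS query names
against a blocklist held in a second Elasticsearch index.

Index and field names (dnsindex/domainname, maliciousindex/domain) are
assumptions taken from or added to the question, not real cluster settings.
"""

TERMS_BATCH = 1000  # stay well below index.max_terms_count (default 65536)


def normalize(domain):
    """Canonical form used on both sides: trimmed, lowercase, no trailing dot."""
    return domain.strip().lower().rstrip(".")


def ancestors(domain):
    """'cdn.evil.example.com' -> ['cdn.evil.example.com', 'evil.example.com',
    'example.com', 'com'], so a blocklisted parent also covers its subdomains.
    A single-label name ('localhost') yields just itself."""
    labels = normalize(domain).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def collect_dns_names(search, dns_index="dnsindex", field="domainname", size=10000):
    """Return the distinct, normalized query names found in the DNS index.
    One bounded search is enough for the sample; a real DNS index needs
    helpers.scan or a point-in-time + search_after loop instead."""
    resp = search(dns_index, {"size": size, "_source": [field],
                              "query": {"match_all": {}}})
    names = set()
    for hit in resp["hits"]["hits"]:
        value = hit["_source"].get(field)
        if value:
            names.add(normalize(value))
    return names


def find_malicious(search, dns_names, bad_index="maliciousindex", field="domain"):
    """Map each DNS query name to the blocklist entries that cover it.

    Every name is expanded to its ancestor domains, the candidates are sent to
    the blocklist index in batched `terms` queries (exact match on a keyword
    field, no wildcards), and each hit is mapped back to the names it covers."""
    candidates = {}  # candidate domain -> set of DNS names that produced it
    for name in dns_names:
        for anc in ancestors(name):
            candidates.setdefault(anc, set()).add(name)

    matches = {}  # DNS name -> set of matching blocklist entries
    keys = sorted(candidates)
    for start in range(0, len(keys), TERMS_BATCH):
        batch = keys[start:start + TERMS_BATCH]
        # size == len(batch): at most one hit per candidate when entries are unique
        resp = search(bad_index, {"size": len(batch), "_source": [field],
                                  "query": {"terms": {field: batch}}})
        for hit in resp["hits"]["hits"]:
            bad = normalize(hit["_source"][field])
            for name in candidates.get(bad, ()):
                matches.setdefault(name, set()).add(bad)
    return {name: sorted(bad) for name, bad in matches.items()}


class FakeIndexSearch:
    """Constructed in-memory stand-in for es.search so the example runs offline.
    It implements only match_all and terms (exact, case-sensitive like a
    keyword field), which is all the functions above use."""

    def __init__(self, indices):
        self.indices = indices  # index name -> list of _source dicts

    def __call__(self, index, body):
        docs = self.indices[index]
        query = body["query"]
        if "terms" in query:
            (field, values), = query["terms"].items()
            wanted = set(values)
            docs = [d for d in docs if d.get(field) in wanted]
        hits = [{"_source": d} for d in docs[:body.get("size", 10)]]
        return {"hits": {"hits": hits}}


# Constructed sample data. "Phish.Example.org." is deliberately stored
# un-normalized: a keyword terms query will NOT match it, which is why the
# blocklist should be normalized at index time (or use a lowercase normalizer).
SAMPLE_INDICES = {
    "maliciousindex": [
        {"domain": "evil.example.com"},
        {"domain": "bad-cdn.net"},
        {"domain": "Phish.Example.org."},
    ],
    "dnsindex": [
        {"ts": "2024-05-01T10:00:00Z", "domainname": "www.evil.example.com."},
        {"ts": "2024-05-01T10:00:01Z", "domainname": "updates.bad-cdn.net"},
        {"ts": "2024-05-01T10:00:02Z", "domainname": "example.com"},
        {"ts": "2024-05-01T10:00:03Z", "domainname": "phish.example.org"},
        {"ts": "2024-05-01T10:00:04Z", "domainname": "www.evil.example.com"},
    ],
}


def run_example():
    """Run the lookup end to end against the constructed sample indices."""
    search = FakeIndexSearch(SAMPLE_INDICES)
    return find_malicious(search, collect_dns_names(search))


if __name__ == "__main__":
    for name, entries in sorted(run_example().items()):
        print(f"{name} -> {', '.join(entries)}")
```

Two things worth checking before running this against a real cluster: `domainname` must be mapped as `keyword` (a `text` mapping would tokenize the value and the exact `terms` match will silently miss), and the blocklist should be written through the same `normalize` step, otherwise entries like the `Phish.Example.org.` sample never match. The Logstash alternative from the answer does the same join per event with the `elasticsearch` input and the `elasticsearch` filter, but a batched `terms` query as above is far cheaper than one query per DNS log line.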