Discuss the Elastic Stack

Enriching data in index by data from another index

Elastic Stack Elasticsearch

jneuschl (JN) April 8, 2019, 9:04am 1

Hi guys,
we have a need to enrich user data (e.g uid=19212012) coming from all applications to include additional data about user (e.g branch=xxx;region=yyy).

At first we wanted to use static jdbc in logstash, but security prohibited us to use that (complex reason to explain why ).

Wy have data needed for such enrichment in elasticsearch index.

Is there a way how to preprocess message to include data based on UID from another index?

Another option that would be acceptable is to enrich data during rollup jobs (if that's possible).

Many thanks

spinscale (Alexander Reelsen) April 9, 2019, 11:22am 2

Hey,

another possible option might be the ingest node, which is able to change the JSON format before the data gets indexed. However you cannot merge data from another index, but maybe you can use a lookup table in a script processor for example.

--Alex

jneuschl (JN) April 9, 2019, 11:33am 3

Hi there,

that could be a solution however can you plz advise how to solve following:

in examples for elasticsearch filter, is just a simple setup without authorization, does it work with basic auth as well?
can data from elasticsearch be cached? We have about 300 incoming record a second
any other possible solution ?

Thanks

system (system) Closed May 7, 2019, 11:33am 4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Enriching new documents with fields from other ES indexes Logstash	1	1082	July 6, 2017
Combine and enrich data before ingestion Elasticsearch	2	419	January 14, 2019
Enrich Elasticsearch via MySQL based on field value Elasticsearch	4	587	July 5, 2017
How to look up data in elasticseach as part of an ingest node process Elasticsearch	3	373	March 14, 2019
Elastic search complex query Elasticsearch	6	232	May 1, 2022

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.