Equivalent of sql join and update

Elastic Stack Elasticsearch
#1

i am using logstash to forward my apache logs to elasticsearch

one of the query string fields is "tagid=$NUMBER" is parsed properly and
can be searched for..
though when i am visualizing that data on kibana; business people do not
care about numbers and want to be able to read proper names related to
those tags...

the table which matches Tagid2Name is fairly static and hardly ever
changes ...

i am wondering if there's a way for me to visualize that data and replace
the tagid with its proper name.
the table in question is around 200 record in size; the simplest way i
can think of is to use logstash to add field on match but that's not
scalable...

any advice on what i should look for ?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/36af2284-6522-465e-b046-396e6823afd0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

#2

Logstash has a translate filter -
http://www.elastic.co/guide/en/logstash/current/plugins-filters-translate.html

However KB3 has this functionality built in, where you can change a
displayed value to something else, it'll be released in KB4 soon.

On 19 April 2015 at 22:11, dna lor dnalor.ah@gmail.com wrote:

i am using logstash to forward my apache logs to elasticsearch

one of the query string fields is "tagid=$NUMBER" is parsed properly and
can be searched for..
though when i am visualizing that data on kibana; business people do not
care about numbers and want to be able to read proper names related to
those tags...

the table which matches Tagid2Name is fairly static and hardly ever
changes ...

i am wondering if there's a way for me to visualize that data and replace
the tagid with its proper name.
the table in question is around 200 record in size; the simplest way i
can think of is to use logstash to add field on match but that's not
scalable...

any advice on what i should look for ?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/36af2284-6522-465e-b046-396e6823afd0%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/36af2284-6522-465e-b046-396e6823afd0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X-GRMLoQk6i0U%2BkTMm8c1MxTpwpNz_mNYmdangdzJWqyg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

#3