Field with name for each document

In each entry I have an IP address and I would also like to have a name for it. I have pairs of IP and name.

How can I deal with it, to have the name in each document where there is an IP address?

I use a static lookup but it is hard to use; I don't know how to update it, etc.

What will be less problematic/CPU-consuming etc.: updating a static field or scripted fields?

How can I update the static lookup? How should the script look? Can I do it in some easy way with the PHP API?

The best way would be to enrich the data from ingest: just add the field and name from the start. If that is not an option, a static lookup would be less intensive, depending on how many pairs you have.
I assume this would be a list of hostnames, and for a size of 10-15 any option is fine. Once you get past 100, the static lookup will be hard to manage and the scripted fields are going to get really big, so I would still suggest enriching the data from the start.

I will have more than 100, I guess like 200 or more.

You mean this? Enrich processor | Elasticsearch Guide [7.15] | Elastic

That will work if you have a lot of fields, yes.

Hmm, ok... that looks a little complicated :)

Will it work for daily indexes? I have like 3 indexes per day (3 sources for daily indexes).

And how can I automate it? It looks like a lot of manual work, not like the static lookup.

Is it possible to enrich by SQL query?
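
The ingest-time enrichment suggested in this thread, sketched as an added example that is not part of any post: a Python helper that turns the IP/name pairs into the ordered Elasticsearch REST calls (lookup index, enrich policy, ingest pipeline, and an index template so new daily indexes use the pipeline). The names `ip-names`, `ip`, `ip_info`, the sample pairs and the index patterns are assumptions; sending the requests is left to whatever client is in use.

```python
import ipaddress
import json

def build_enrich_requests(pairs, index_patterns, name="ip-names", first_run=True):
    """Return ordered (method, path, body) calls for ingest-time IP -> name enrichment."""
    lookup = {}
    for ip, host in pairs:
        ip = str(ipaddress.ip_address(ip.strip()))  # ValueError on a malformed address
        if lookup.setdefault(ip, host) != host:
            raise ValueError(f"{ip} has two names: {lookup[ip]!r} and {host!r}")
    # One lookup document per pair; _id = IP, so a re-run overwrites instead of duplicating.
    bulk = "".join(
        json.dumps({"index": {"_index": name, "_id": ip}}) + "\n"
        + json.dumps({"ip": ip, "name": host}) + "\n"
        for ip, host in sorted(lookup.items()))
    load = ("POST", "/_bulk?refresh=true", bulk)
    execute = ("POST", f"/_enrich/policy/{name}/_execute", None)
    if not first_run:
        # The enrich index is a snapshot of the lookup index: reload, then re-execute.
        return [load, execute]
    mapping = {"mappings": {"properties": {
        "ip": {"type": "keyword"}, "name": {"type": "keyword"}}}}
    policy = {"match": {"indices": name, "match_field": "ip", "enrich_fields": ["name"]}}
    # Assumes incoming documents carry the address in a field called "ip".
    pipeline = {"processors": [{"enrich": {
        "policy_name": name, "field": "ip", "target_field": "ip_info",
        "ignore_missing": True}}]}
    # default_pipeline makes every new daily index matching the patterns use the pipeline.
    template = {"index_patterns": index_patterns, "priority": 200,
                "template": {"settings": {"index.default_pipeline": name}}}
    return [
        ("PUT", f"/{name}", mapping),
        load,
        ("PUT", f"/_enrich/policy/{name}", policy),
        execute,
        ("PUT", f"/_ingest/pipeline/{name}", pipeline),
        ("PUT", f"/_index_template/{name}", template),
    ]

# Constructed sample pairs and index patterns (not from the thread).
PAIRS = [("10.0.0.5", "fw-edge-01"), ("10.0.0.6", "db-core-02"), (" 10.0.0.5 ", "fw-edge-01")]
PATTERNS = ["source-a-*", "source-b-*", "source-c-*"]

if __name__ == "__main__":
    for method, path, body in build_enrich_requests(PAIRS, PATTERNS):
        print(method, path)
        print(body if isinstance(body, (str, type(None))) else json.dumps(body, indent=2))
```

When the pair list changes, calling the helper with `first_run=False` yields only the reload and policy re-execution, since an existing enrich policy cannot be modified in place. If the daily indexes already have an index template, add the `index.default_pipeline` setting there instead of creating a second template.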
