So I have this logfile in which some gps positions are noted.
In a different logfile Im logging disconnects to a network.
Is there a way to filter all those gps locations, that happen in +/- 5 minutes around the disconnect?
hi @c4alexc4,
that's though to do, unless you have a way of merging those logs before you index them in Elasticsearch.
You could keep track of the last-disconnect time inside the document that also contains the gps-position. Then you could do a time-filter around that last-disconnect timestamp.
You can't do a query across two different indices inside Elasticsearch. If you need to, generally people do this programatically. For example; first query for the disconnect timestamps, and then run a 2nd query for the gps-positions in the time-frame. That kind of customization, where you can run queries across different indices, and pipe the result of the first as an input of the second, isn't there in Kibana though.
Always feel free to open an enhancement request of course: https://github.com/elastic/kibana/issues/new
Hey @thomasneirynck,
A two-stage query in the style you described it was on my mind too but seems like Kibana cant serve me that (even though both docs share the same index). I will try to solve the problem in Logstash using an aggregate filter or something.
Thank you for your ideas though.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.