it goes like this : so all my documents have a property called sessionId
and has a parent-child connection
the purpose:
user is searching by sessionId
can I do this?
Hi @David_Munsa
welcome to the Kibana community.
About your question, I have to ask few questions: how is the parent-child relation described in the document? Is it something like parentId: keyword property in each document that can be filled or null?
In general the Kibana Graph API is more a node-based use case, where the connection between two nodes describes the co-occurrence of some field values within the same document.
an example of the docs
{
logId:"askdkajsh"
sessionId:"sdfg67t342rsd"
context:"update_user"
}
{
logId:"dhfuw4y97ysf"
sessionId:"sdfg67t342rsd"
parentLogId:"askdkajsh"
context:"update_user"
}
{
logId:"xcbnvdsdf"
sessionId:"sdfg67t342rsd"
parentLogId:"dhfuw4y97ysf"
context:"update_user"
}
the idea is to search all docs by common sessionId, then display graph as parent-child relation (set on parentLogId prop)
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.