hi,
we have a massive index, few reference indexes and we wanted to summarise from these multiple indexes into a single "summary index" . This way we are planning to join the queries
So the questions
Do you mean something like https://www.elastic.co/guide/en/elasticsearch/reference/current/xpack-rollup.html?
can the rollup join data from multiple indexes or do we need to individually roll them up?
I'm trying to achieve is a "correlation" of data within multiple indexes by putting into a single summarised index
Elasticsearch cannot join data.
What sort of correlation are you looking at?
I had a complex set of requirement whereby I've to aggregate and then alert based on a dynamic threshold (from a CSV file). So my thought was to put the Dynamic CSV && the summarised raw dataset into a single index and then alert from it.
Ah right, you might be able to use a chained input alert to do this - https://www.elastic.co/guide/en/elasticsearch/reference/current/input-chain.html
very interesting. I will have a playaround with it. Meantime, I've upvoted. thanks again mate
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.