hi
I couldn't find a proper example of enriching outcome of a search query using external lookup/DB-table
I'm looking for something like..
<my search>
| lookup ip within {external lookup file or DB table}
| if ip is present, find its corresponding hostname ; else default it to "uknown_host"
| print ip, hostname
how to achieve this in elasticsearch?
PS: I don't want to index the external lookup-file nor DB table to Elastic
I do not think you can do that in Elasticsearch so you would need to do it in the application once the response is returned.
Couldn't get you. You mean to say we need to write an external application or module to do this?
Yes.
oh, that's a shame. Hopefully someone would have done this? thought such enrichment is available in all big data solution products
will raise as a feature request then.
Why not doing that at index time instead?
If you want to search/display a hostname instead of an IP address, just index that information at index time within the same document and you're done.
because the data in enrichment is dynamic. it is like a whole cmdb which we don't want to index on daily basis.
More-over at the time of indexing, we don't know what all extra elements we require as the stakeholders/use-cases vary.
Can I suggest a feature request for implementing a "lookup/enrich" functionality on the fly? thanks in advance
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.