How to join 2 indices using 2 common values

Hi, is it possible to join 2 indices in Elasticsearch? Maybe using a query. Or I'm thinking I could do a Logstash pipeline that will query the two indices and join them inside the pipeline.

First time to face a request like this. So, I don't know if this is possible or not.
Thank you!

You do need to use something external to query both indices and join them. There's nothing Elasticsearch can do for you on that front, sorry.

What I'm doing now is a Logstash pipeline that queries the two indices. But the result is like this.

Just an example

message => {
  "took": ..........
}
{
   "took": ..........
}

As you can see, the result is in the message, wherein the result of the other index is appended to the first index's result.

I'm wondering if I can split these two results. And after that maybe do the filter split JSON. And I will try Ruby code to join it.

Hehe, but I think it's not possible?

Will explore more. Thanks for replying!

With transform you can query 2 or more indices and if they have a common field, like an id, you can "join" the results by grouping the common id.

To combine the documents you can use a scripted metric aggregation. It's possible to "collapse" the other documents, which means creating an array of all source documents, or you "join" them, meaning one overwrites the other one. For the latter you have to decide the order.

Example post:

1 Like
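
The transform approach described in the last reply, as an added example that is not part of the thread, written in Kibana Dev Tools Console syntax. It groups on two common fields and shows both the "collapse" and the "join" variants; the transform id, the index names (index_a, index_b, joined_a_b) and the key fields (key_one, key_two) are hypothetical.

```console
# Added example: transform id, index names (index_a, index_b, joined_a_b)
# and key fields (key_one, key_two) are hypothetical.
PUT _transform/join_a_b
{
  "description": "Added example: join index_a and index_b on two common fields",
  "source": { "index": ["index_a", "index_b"] },
  "dest": { "index": "joined_a_b" },
  "pivot": {
    "group_by": {
      "key_one": { "terms": { "field": "key_one" } },
      "key_two": { "terms": { "field": "key_two" } }
    },
    "aggregations": {
      "collapsed": {
        "scripted_metric": {
          "init_script": "state.docs = []",
          "map_script": "state.docs.add(new HashMap(params['_source']))",
          "combine_script": "return state.docs",
          "reduce_script": """
            def all = [];
            for (s in states) { all.addAll(s) }
            return all
          """
        }
      },
      "joined": {
        "scripted_metric": {
          "init_script": "state.docs = []",
          "map_script": "state.docs.add(['src': doc['_index'].value, 'doc': new HashMap(params['_source'])])",
          "combine_script": "return state.docs",
          "reduce_script": """
            // Merge order decides the winner: index_b is applied last, so its fields overwrite index_a's.
            def merged = [:];
            for (name in ['index_a', 'index_b']) {
              for (s in states) {
                for (d in s) {
                  if (d.src == name) { merged.putAll(d.doc) }
                }
              }
            }
            return merged
          """
        }
      }
    }
  }
}

POST _transform/join_a_b/_start
```

Both group_by fields must be aggregatable (for example keyword or numeric) in both source indices. Each document in the destination index then holds the two key values, a `collapsed` array of every matching source document, and a single `joined` object.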
