How to link two indices?

xionglingfeng · December 22, 2015, 11:05am

Hi all,
There are two indices in ES, which stored related information.

For example, an index named "logstash-netflow-YYYY-MM-DD" contains field named "netflow.ipv4_src_addr" and "netflow.ipv4_dst_addr". Another index named "logstash-radius-YYYY-MM-DD" contains field named "Framed-IP-Address" and "User-Name".

Is there anyway to link these two indices together? Like when querying "netflow.ipv4_dst_addr=1.1.1.1", shows all corresponding "netflow.ipv4_src_addr" and "User-Name"?

If this design is not good, any suggestions to improve it?

nodexy · December 22, 2015, 2:42pm

Maybe you can try this feature : parent-child relationship

https://www.elastic.co/guide/en/elasticsearch/guide/current/parent-child.html

warkolm · December 22, 2015, 8:17pm

Short answer is no, you cannot join in nosql systems, including ES.

Longer answer is sort of using something like TimeLion which visually "merges" things. Or you can use parent/child, but it's not really relevant for this dataset.

xionglingfeng · December 23, 2015, 1:36am

@warkolm Any suggestions to improve my current design to allow such query?

Topic		Replies	Views
Two index query, linking field Elasticsearch	1	368	February 1, 2019
How to join two index Elasticsearch	6	19714	July 5, 2017
Searching for data from multiple index ( join) Elasticsearch	6	514	February 7, 2020
Elasticsearch parent child mergin two tables together Elasticsearch	6	602	March 9, 2017
Query documents present in both indexes Elasticsearch	3	1299	May 9, 2018

How to link two indices?

Related topics