Hi,
Is it possible to have an output from an intersection of data that are in
two different index or field?
Example:
We have a list of botIP in elasticsearch and in another index where we
capture data from firewall.
We want the list that match a predetermined field (example DST.IP) taken
from the firewall (real time log) and botIP list (mostly static).
It is like a "real time" intersect in SQL.
INSERT INTO table_a VALUES (1, 'A'), (2, 'B'), (3, 'B');INSERT INTO table_b VALUES (1, 'B');
SELECT value FROM table_aINTERSECTSELECT value FROM table_b
value-----
B
John
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/f40d3068-c1c2-47c3-b3ae-d709a9fe841e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.