Hi
i have an index called X
in that index i have 1 document type
and the documents are separated by the filed "type" (added by logstash)
one type is called : type1
and one type is called : type2
both have one field that is the same called "identifier"
that means that some documents from type1 have the "identifier" field with the same value as documents from type 2
i want to search for a string in a field called msg in documents from type1 , and get the documents from type2 that contain the same value of "identifier" (from the results of the string search in field msg)
i want to search for a certain string in type1 filed "msg" - and use the "identifier" field value to get type2 document containing the same "identifier" field value
It's not really doable. You can have a look at parent/child feature though which can help you may be in such a case. It comes with a cost (memory usage as we have to perform joins in memory).
Yes i guess something like a join
i looked at the parent child option but i don't quit know how to "tell" elasticsearch who is the parent and who is the child
the data comes from JDBC input with logstash
and what connects the 2 documents is the "identifier" filed
so how can i tell logstash that when a document from type1 has "identifier" : "XYZ" it is a child of a document from type 2 with "identifier" : "XYZ"?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.