Hi Exerts,
I have 3 indices
student (name=vg, gopal etc) teacher (teachername=robert, bob etc) Class (classname=maths, english etc)
What I want is to check student and teacher indices and based on a condition results I want to update school index
something like if name=vg , teachername= robert then class=maths should be updater in Class index. This should be an automated process , so when data get into student , teacher index class modify accordingly ?
Regards
VG
No you can't do that.
What are you trying to do exactly? I mean: don't speak about the implementation but only the use case.
Well , I have antivirus data , vulnerability data and Configuration data (cmdb) . Here requirement is if system affected with virus , also it is vulnerable then cmdb index should get update like it is critical system/machine .Second scenario would be if machines is affected but not vulnerable then it is low critical and so on..
We recommend doing that at ingest time.
Take the event, look in the AV index, then the vulnerability index, then the CMDB index and add things to the original event accordingly.
This is what my plan is , thanks Mark
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.