Joining of results from elecsticsearch filter

marksparrish · May 28, 2019, 2:30pm

I am trying to join the results of an elasticsearch filter query.
The history index has two fields - id and result.
I want to create a field in the new index called results that contains both the id and the result e.g results => 1-B, 2-A, 3-C, 4-A.

I have tried both of the following but both only give me an array of nulls. How do you properly reference the fields

elasticsearch {
    hosts => ["192.168.1.42"]
    index => "history"
    query => "id:%{[ID]}"
    fields => { 
        "id.result" => "results"
     }
    result_size => 1000
}

elasticsearch {
	hosts => ["192.168.1.42"]
	index => "history"
	query => "id:%{[ID]}"
	fields => { 
		"history-%{id}.history-%{result}" => "results"
	}
	result_size => 1000
}

elasticsearch {
    hosts => ["192.168.1.42"]
    index => "history"
    query => "id:%{[ID]}"
    add_field => { "elections" => "%{election_id}.%{voted}" }
    result_size => 1000
}

marksparrish · May 28, 2019, 4:28pm

Went a different direction and added fields for each grade.

elasticsearch {
    hosts => ["192.168.1.42"]
    index => "history"
    query => "id:%{[ID]}"
    fields => { 
        "grade-a" => "id"
     }
    result_size => 1000
}

system · June 25, 2019, 4:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Join data from two indexes in Elasticsearch or Logstash Elasticsearch	1	728	April 20, 2019
Elasticsearch parent child mergin two tables together Elasticsearch	6	602	March 9, 2017
Elasticsearch join query Elasticsearch	1	450	September 19, 2017
Join 2 indexes with 1 primary key logstash filter elasticsearch Logstash	1	310	November 4, 2020
Using Elasticsearch filter plugin to add information to a index Logstash	2	339	July 6, 2018

Joining of results from elecsticsearch filter

Related topics