We're using ES 2.3 to store analytics data for a customer support site. We have several types of events (page views, downloads, create ticket, etc) that we're tracking and I'm hoping to get some insight on how this should be mapped? I'd like to use a mapping that is as broad as possible so in the future we can dice up the data in ways we haven't thought of before. I'm anticipating millions of records.
-
Potential queries/aggregations
-
Show all events associated with this user for a specific time range
-
Show common search terms that led to a group of similar tickets
-
Show aggregate usage data for a specific company/break down by user
-
Approaches I've considered
-
Use parent-child relationship with user as parent, event as child(can I have different children type for same parent?)
-
Keep everything flat with denormalized data (all events contain user information and put in same indx)
I think this is a pretty complex question so would appreciate any insight, even if its just to help unpack this so I can further research.