Hello,
I have DNS query data from Packetbeat written to one index and will import a list of bad domains to a second index.
How can I perform a search to find where field A from index A matches field B from index B, to see which endpoint is looking up bad domains?
Thank you.
That is a join, which you cannot do in ES.
Understood, thank you. I'll try this with Siren Join.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.