Have a look at transforms, you can source both indexes, use a pivot, group on terms using the field id. For the output fields you have several options (just ideas, not verified):
- a
filteraggregation andtop_metricsas sub aggregation -
top_metricson top, sort by_indexascending for index 1, descending to get index 2 scripted_metric
You find further information in older posts: How to join two index - #3 by Hendrik_Muhs
Note however that these posts are old and e.g. top_metrics has been added just recently. I talk about top_metrics in a recent advent post: Dec 11th, 2021: [en] On a road trip with Transform