Hello Everyone ,
I have been looking for a way to realize the following task :
To compare two indentical fields from the same index , but different have different dates ( data1[]= from now to now-24h) and (data2[]= from now-2days to now-30days) . basically i want to get (visualize) the result of (data1[] - data2[]) which means all the domains that are in data1[] but not in data2[] .
How can i do it ?
I have seen similar things done with a Watch. You could then take the output and put it into a new index to visualise.
Alternatively you could run the events through Logstash and use an Elasticsearch filter to do the check and tag.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.