Need Help with Merging Data from Two Elasticsearch Indices

prashant1 · July 18, 2024, 11:10am

Hi,

I need to merge data from two indices (test1 and test2) based on a common key (information). Here’s a simplified example of my indices:

Index test1:

sample_id   information   price
---------   -------          ----------------
test1        11            52
test2        11            53
test3        11            54

Index test2:

information   net_price_value
-------------         --------------
11                           52

Desired Output:

sample_id   information   price   net_price_value
-------------------------------------------------
test1                    11            52            52
test2                    11            53            52
test3                    11            54            52

I've explored using the Elasticsearch Transform API (_transform) with scripted metrics, but I'm encountering challenges in correctly combining and mapping data from both indices into a single transformed index (test3). Could someone please advise on the best approach or provide a sample query to achieve this? Any insights or examples would be greatly appreciated.

Thank you in advance!

dadoonet · July 18, 2024, 11:28am

That sounds like a good candidate for an enrich pipeline.

And then, the usage with ES|QL is much easier:

from test1
| enrich test-policy on information with net_price_value
| where weight > 80
| keep sample_id, information, price, net_price_value
| limit 10

prashant1 · July 18, 2024, 12:39pm

Thanks @dadoonet for the quick response.

Is there anyway to achieve it using transform or logstash as I have access restrictions to work on the enrich policies ?

dadoonet · July 18, 2024, 1:26pm

I don't think it's made for that use case.

Yes probably. You would need to create a new index. Like reading the index test1 with an elasticsearch input plugin, then doing lookups in index2 with an elasticsearch filter plugin and then write the result to index3 with an elasticsearch output plugin.

I wrote a post about this at Enrich your Elasticsearch documents with Logstash | Elastic Blog

prashant1 · July 19, 2024, 7:32am

Thanks @dadoonet for help
We are able to achieve the usecase through elasticsearch filter plugin.

Topic		Replies	Views
How to join 2 index using 2 common values Elasticsearch	4	931	June 23, 2020
How to join two index Elasticsearch	4	3366	June 30, 2021
How do I combine 2 index data in elasticsearch? Elasticsearch	22	13398	October 10, 2019
Is it possible to combine two docs in different indices? Elasticsearch transforms	2	940	July 13, 2021
Join between two indices is possible in elasticsearch Elasticsearch	5	7465	January 16, 2020

Need Help with Merging Data from Two Elasticsearch Indices

Related topics