Is joining the indices based on column to fetch the details is possible in Elasticsearch?
If it is static data I would have done programming, my requirement is on data retreving from http requests.
Elasticsearch doesn't have columns, so not sure what you mean there.
But it cannot join by itself. You would need to collect the data and then join in your code.
Could you please elaborate more. I have three indexes like below:
index1 - > memoryutilization = 50 & jobid = A1
index2 -> jobid = A1 & jobexecutor = B1
index3 -> jobexecutor = B1 & username = C1
Now I need to represent a report saying
C1 B1 A1 50
In order to achieve this How I need to write a query or code?
Then index documents like:
{
"jobid": "A1",
"jobexecutor": "B1",
"username": "C1",
"memoryutilization": 50
}
The three indices are loading from three different sources. All are loading via logstash by running refreshing every 60 sec.
As per your suggestion I need to create a new document by joining from source as it is. Do you have any sample code for logstash to do this. All source are in JSON format. (Details are from timeline db server)
As per your suggestion I need to create a new document by joining from source as it is.
Yes that's what @warkolm was telling with:
You would need to collect the data and then join in your code.
Do you have any sample code for logstash to do this.
No. You can do db lookups when ingesting events. Look at:
The index are coming real time from three different sources. So any idea I can achieve this via logstash? Or some other way?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.