Elastic search recommends against structuring data such that joins are needed for indexes, yet the OpenTelemetry data is put in multiple indexes. There's doesn't appear to be a way to configure the data to go to a single index. This seems to mean that some processing will have to be done outside of Kibana visualizations. One critical example: querying the original transactions that an error was for. I cant seem to find how that can be queried without pulling the data down and performing two queries local (one to get errors, then to query again using the transaction.id from that other index).
Any examples of how to "join" the multiple open-telemetry indexes for querying stats like this?
Welcome to the community! I've reclassified your query under Observability to make it easier to be picked up by those knowledgable about OTel. Can you confirm which version of Elastic you are using?
There does not seem to be any way to get the original transaction or span data without manually doing multiple queries outside of the Kibana/Elasticsearch query capabilities and joining the data.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.