Hi,
I'm currently using Elasticsearch 6.1.1, and I'm a little curious to see if there's a better method for what I'm currently doing.
So I've got two separate indexes (a-* and b-). a- has a column (eg col1) which will have identical values in colA in b-*. I need to pull up a list of values from colB in a-* which have matching colA values with a specified col1 value from b-*. The only col1 values in mind are values associated with a single col2 value (eg all entries where col2 = "target"). A diagram of this system can be seen below:
The thing is, these values are typically ingested at the exact same time, so there's no way to specify a parent-child relationship at the ingestion point from Logstash. Moreover, there can be multiple colA values for each colB value.
I've currently got a system running through Python where Python uses the ES API to find all entries in a-* where col2 is identical to a certain value (eg "target"), and extract all col1 values as a list. Python then uses this list of col1 values to perform a second query on b-* where colA values match any item in the list.
So my question is; is there a way to perform some small query within a query to rule out the middle man? So a query on b-* where colA matches the results of another query on a-*?
Thanks!