Problem Statement

Rakesh5216 · June 22, 2018, 7:01pm

I have 3 different files ( 3 diff csv files) - transaction data, card info data and user data. I need to merge all these data into single file (I mean to perform SQL type join based on a key). I am aware that we can’t perform joins in elasticsearch.

So what approach to solve this problem. I need to join these documents and inject the data into single index on Kibana.

My options – let me know if this can be possible.

Use logstash- ETL tool, do data structuring and transformation there ( is it possible to do joins in logstash? )
Or use join queries and mapping documents and inner_hits concepts in Kibana console ?
Which of the above is feasible or if any new recommendations to solve this problem?

warkolm · June 22, 2018, 9:09pm

I'd use Logstash to do it, have a look at the translate filter for eg.

Rakesh5216 · June 22, 2018, 9:12pm

Thanks a ton. Can I know if any example solving related issue using translate filter?

warkolm · June 22, 2018, 9:21pm

There's examples in the documentation, but also lots on here if you do a search

Rakesh5216 · June 22, 2018, 9:35pm

Writing a python script on the Elasticsearch end can be easier than merging on the Logstash end?

Topic		Replies	Views
Combine multiple sources Logstash	11	6483	July 6, 2017
Join two index using input elasticsearch/exec plugin in logstash Logstash	1	252	June 23, 2020
How to merge two document in logstash Logstash	2	1971	June 11, 2020
Joining Multpile CSV files and injecting the data into Elasticsearch Logstash	2	336	July 20, 2018
Applying joins to the data through logstash Logstash	3	484	December 18, 2017

Problem Statement

Related topics