Query Predicated on Another

Hi,

I have two indexes, one called warnings and another, warning_settings.

warning_settings consists of documents that simply contain a warning id and disabled: true/false.

I'd like to query all the warnings that don't have a corresponding warning_settings document with disabled: true, and then do your usual aggregations over that data to generate some nice visualizations in Kibana.

Is this possible with ES? I've got it working as a two step process, but doing this from Kibana seems to require a single query.

Here are the two queries I'm making right now:

GET warning_settings/_search
{
  "query": {
    "match": {
      "disabled": true
    }
  }
}

GET warnings/_search
{
  "query": {
    "bool": {
      ...
      "must_not": {
        "terms": {
          "id": [... ids returned from first query]
        }
      }
    }
  }
}

Any help is greatly appreciated!

That's not possible from Elasticsearch or Kibana.
You could do it with a Watch (via Alerting), but otherwise you'd need to do it in an external client.
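The two-step process run from an external client, as an added example that is not part of the original thread: it goes beyond the posted queries by paging the first search (a search returns only 10 hits unless size is set) and checking the ID list against the default terms limit. The function names, `ES_URL` and the `id` field on warning_settings are assumptions.

```python
import json
import urllib.request

ES_URL = "http://localhost:9200"  # assumption: local cluster without authentication
MAX_TERMS = 65536                 # Elasticsearch default for index.max_terms_count

def http_search(index, body):
    """POST a search body to <index>/_search and return the parsed JSON reply."""
    req = urllib.request.Request(
        f"{ES_URL}/{index}/_search", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def disabled_ids(search=http_search, page_size=1000):
    """Step 1: collect every warning id whose settings document has disabled: true."""
    # Page with search_after; assumes `id` is a unique, sortable field (keyword or numeric).
    ids, after = [], None
    while True:
        body = {"size": page_size, "_source": ["id"], "sort": [{"id": "asc"}],
                "query": {"match": {"disabled": True}}}
        if after is not None:
            body["search_after"] = after
        hits = search("warning_settings", body)["hits"]["hits"]
        if not hits:
            return ids
        ids.extend(hit["_source"]["id"] for hit in hits)
        after = hits[-1]["sort"]

def warnings_query(ids, filters=(), aggs=None):
    """Step 2: build the warnings search that excludes the disabled ids."""
    if len(ids) > MAX_TERMS:
        raise ValueError(f"{len(ids)} ids exceed the terms limit of {MAX_TERMS}")
    bool_query = {"filter": list(filters) or [{"match_all": {}}]}
    if ids:  # leave must_not out entirely when nothing is disabled
        bool_query["must_not"] = [{"terms": {"id": ids}}]
    body = {"query": {"bool": bool_query}}
    if aggs:
        body["aggs"] = aggs
    return body

if __name__ == "__main__":
    # Constructed stand-in for http_search so the sketch runs without a cluster.
    docs = [{"_source": {"id": i}, "sort": [i]} for i in (17, 42)]
    fake = lambda index, body: {"hits": {"hits": [] if "search_after" in body else docs}}
    print(json.dumps(warnings_query(disabled_ids(fake)), indent=2))
```

Against a real cluster, pass the body from `warnings_query(disabled_ids(), aggs=...)` to `http_search("warnings", ...)`.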
