Query with multiple indices vs a unique index?

samia · November 28, 2017, 4:04pm

Hello,

I have a daily index of log where I have something like :

[date and time] [ Client ID ] [Other fields]

My daily indices are created on a daily basis via Logstash.

I'd like to create a vizualisation in Kibana, more exactly a table like this :

[Client] [number of occurences in logs]

In addition to the daily logs, I have a simple index where the "client ID" is associated to the actual "client name".

In my Kibana table, I'd like to make the "Client name" appear instead of the "client ID".

Is there a way to query ElasticSearch for these 2 indices (kind of SQL join) or Should I add a field with the actual client names in the log indices ?

Thank you for your help.

dadoonet · November 28, 2017, 4:17pm

You can’t do joins in elasticsearch.
Always better to solve that at index time IMO.

system · December 26, 2017, 4:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Querying Multiple Index in Kibana Kibana	3	6661	January 17, 2017
Alias with multiple index or One Index Elasticsearch	5	2441	May 30, 2017
Correct use of indicies Elasticsearch	4	696	July 5, 2017
Help me understand the use case for indices Kibana	6	1161	April 6, 2017
Whether to use multiple index in a dashboard or one index Kibana	2	358	February 21, 2019

Query with multiple indices vs a unique index?

Related topics