Replicating the APM behavior for log search

Hi Team,
We are using Elasticsearch APM for performance monitoring and also using the log correlation feature to stamp the traceID on each application log line. These log lines are published as individual documents to an Elastic index.

One of the log lines will have our application reference id in the document, and the rest of the logs for this transaction will share the same TraceID.

Now I want to fetch all the log lines for my application reference id. This could have been easily achieved if we were allowed to join two different documents in the same index, which isn't supported in Elasticsearch.

The APM GUI handles the exact same problem, but I assume that it does it in two steps: first it gets the document(s) having the application reference id, and then it fetches the corresponding documents using the TraceID.

Can you please suggest something to achieve the same using the Elasticsearch query feature? Maybe writing some function which internally fires two queries for a given application ID, or some plugin, or anything.

Thanks in advance.
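
The two-step lookup described in the post, sketched as an added example that is not part of the original post and is not how the APM UI is known to work. Assumptions: the field name `app.reference_id`, the index name `app-logs`, the `search` callable (a thin wrapper around your client's search call) and the sample documents are all hypothetical or constructed; `trace.id` is the ECS field that log correlation writes.

```python
def get_path(doc, dotted):
    """Read a dotted field path from a nested _source dict (None if absent)."""
    for key in dotted.split("."):
        doc = doc.get(key) if isinstance(doc, dict) else None
    return doc

def logs_for_reference(search, index, ref_field, ref_value, size=1000):
    """search(index, body) must return an Elasticsearch-style response dict."""
    # Step 1: find the line(s) carrying the reference id, keep only trace.id.
    first = search(index, {
        "size": size, "_source": ["trace.id"],
        "query": {"term": {ref_field: ref_value}},
    })
    trace_ids = sorted({get_path(h["_source"], "trace.id")
                        for h in first["hits"]["hits"]} - {None})
    if not trace_ids:
        return []  # unknown reference id: skip the second query entirely
    # Step 2: fetch every log line sharing one of those trace ids, in time order.
    second = search(index, {
        "size": size, "sort": [{"@timestamp": "asc"}],
        "query": {"terms": {"trace.id": trace_ids}},
    })
    return [h["_source"] for h in second["hits"]["hits"]]

# Constructed sample documents standing in for the log index.
DOCS = [
    {"@timestamp": "2024-01-01T10:00:02Z", "trace": {"id": "t-aaa"},
     "message": "payment done"},
    {"@timestamp": "2024-01-01T10:00:00Z", "trace": {"id": "t-aaa"},
     "app": {"reference_id": "REF-1"}, "message": "order received"},
    {"@timestamp": "2024-01-01T10:00:01Z", "trace": {"id": "t-bbb"},
     "message": "other request"},
    {"@timestamp": "2024-01-01T10:00:03Z", "message": "line without a trace"},
]

def fake_search(index, body):
    """In-memory stand-in that understands only term/terms queries."""
    kind, clause = next(iter(body["query"].items()))
    field, want = next(iter(clause.items()))
    want = want if kind == "terms" else [want]
    hits = [d for d in DOCS if get_path(d, field) in want]
    if "sort" in body:
        hits.sort(key=lambda d: d["@timestamp"])
    return {"hits": {"hits": [{"_source": d} for d in hits[:body["size"]]]}}

if __name__ == "__main__":
    for line in logs_for_reference(fake_search, "app-logs",
                                   "app.reference_id", "REF-1"):
        print(line["@timestamp"], line["message"])
```

The `term` query in step 1 only matches reliably when the reference id field is mapped as `keyword`; results beyond `size` would need pagination.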
