Search items in several `steps`

achenchik_nexters · August 2, 2016, 8:56am

Hello everyone,

I'm a new to ElasticSearch and can have a really stupid questions, but anyway during last several hours I'm unable to find a solution for my relatively typical situation:

Let's say I have logs from a backend application with difference types of user-events: Registration, New Connections, other actions.

Using Logstash I push all this data to ElasticSearch and want to make a filter to find user actions by registration parameters.

How can I make a nested (I can't tell that this is the right word for it) filters?

Exampe:

I want to find userIDs by specific Location (GeoIP) of Registration.
And then I want to see user actions lines filtered using these userIDs and action type (let's say Logout).

Thanks,
Andrey

warkolm · August 2, 2016, 8:59am

You can't do that as it's like a join in an RDBMS.

You'd need to do two separate queries.

achenchik_nexters · August 2, 2016, 9:13am

Thanks for your answer! So is there any way to connect those? Or I need to do a manual copy paste into another queue?

warkolm · August 2, 2016, 9:28am

It's be external to ES, so in your code.