Search items in several `steps`

achenchik_nexters · August 2, 2016, 8:56am

Hello everyone,

I'm a new to ElasticSearch and can have a really stupid questions, but anyway during last several hours I'm unable to find a solution for my relatively typical situation:

Let's say I have logs from a backend application with difference types of user-events: Registration, New Connections, other actions.

Using Logstash I push all this data to ElasticSearch and want to make a filter to find user actions by registration parameters.

How can I make a nested (I can't tell that this is the right word for it) filters?

Exampe:

I want to find userIDs by specific Location (GeoIP) of Registration.
And then I want to see user actions lines filtered using these userIDs and action type (let's say Logout).

Thanks,
Andrey

warkolm · August 2, 2016, 8:59am

You can't do that as it's like a join in an RDBMS.

You'd need to do two separate queries.

achenchik_nexters · August 2, 2016, 9:13am

Thanks for your answer! So is there any way to connect those? Or I need to do a manual copy paste into another queue?

warkolm · August 2, 2016, 9:28am

It's be external to ES, so in your code.

Topic		Replies	Views
Question about nested data Logstash	6	273	July 31, 2020
JOIN different data sources Logstash	6	3248	July 6, 2017
Unsure How to Handle via Logstash/Elasticsearch Elasticsearch	6	660	February 24, 2017
How to filter the elastic results based logged person roles and permission Elasticsearch elastic-stack-security	4	480	March 13, 2020
Need-Help-On-elasticsearch in complex scenario Elasticsearch	3	218	July 22, 2022

Search items in several `steps`

Related topics