Search question: match docs based on a field's value in another search

Hi, I'm on Elasticsearch 6.4.3 and trying to delete a large swathe of logs generated by a load balancer's health check, based on the health check endpoint URL.

For each request two documents were generated, one for the request and one for the response.

The problem is, only the 'request' has a field with the endpoint URL. The 'response' doesn't contain that endpoint but does contain a correlation ID which both have in common.

So the question is, is it possible to create a search which matches the URL, and also returns a set of documents where the corresponding correlation IDs match?

I had a look at the documentation for JOINs but I'm not sure if they solve the same problem, and anyway it seems that the JOIN needs to be defined at the time of indexing? https://www.elastic.co/guide/en/elasticsearch/reference/6.4/parent-join.html
