Searching Across Multiple Indices

thelonestargeek · February 26, 2018, 4:11am

I have two indices.

Is it possible to create a consolidated index that appends the device data to the netflow data? If so, how would I do that?

warkolm · February 27, 2018, 3:50am

If they share a similar index pattern naming convention, then yes.

Otherwise you can try setting up a pattern of *.

thelonestargeek · February 27, 2018, 4:33am

Thanks Mark, if I wanted to add the field data to the netflow data; what's the best way to set that up?

For example:

So since the IP addresses match it's the same device and I want to create one record.

warkolm · February 27, 2018, 5:17pm

Where is the device data kept?

thelonestargeek · February 27, 2018, 10:18pm

The device data is a different _type in the same index

warkolm · February 28, 2018, 3:39am

You probably want to change that, _type will no longer exist in 7.0.

With this though, you really want to add that data to the event during ingestion.

Topic		Replies	Views
Two index with same field cant be merged as single document Kibana	6	1057	April 14, 2019
How to merge two indices in Kibana? Kibana	2	327	May 31, 2021
Merge 2 index? Kibana	3	2808	April 8, 2020
Visualizing across Distinct Indices Kibana	4	303	October 12, 2021
Create dashboard mixing data from indexes Kibana	2	309	January 28, 2022