Searching for data from multiple indexes (join)


Can anyone help me, please?
I have two file inputs from Logstash:
The first contains some fields like: ipadress, name, age
and the second: location, sexe, ipadress

They have the ipadress field in common, with the same value.

My goal is that when I search for name x, I would like to show all fields as a result, like age, sexe, location, using the ipadress in common, like a join in SQL.

I have difficulty indexing them. If I index these two inputs in two indexes, can I make a link between the two indexes? Or is it possible to index them in the same index?

Many thanks

With Elasticsearch it's always better to do joins at index time rather than at search time.

So a final document should look like:

```json
{
  "ipaddress": "a.b.c.d",
  "name": "foo",
  "age": 48,
  "location": "Paris",
  "sexe": "male"
}
```

What is the real source of the generated data? Is it really a file or does all this come from an application or a database?
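An added example, not part of the original thread, of the index-time join recommended above: each event from either stream becomes a partial update on the document whose `_id` is the shared address, using the `_bulk` API's `update` action with `doc_as_upsert`. The index name `people`, the helper names and the sample events are assumptions constructed for illustration; the field name `ipadress` follows the question's spelling.

```python
import json

JOIN_KEY = "ipadress"  # field name as spelled in the question


def bulk_upsert_lines(events, index, key=JOIN_KEY):
    """Turn events from either stream into _bulk update actions.

    Every event becomes a partial update on the document whose _id is the
    join-key value; doc_as_upsert creates the document if this is the first
    event seen for that address. Events without the key are returned
    separately instead of being indexed under an unrelated id.
    """
    lines, rejected = [], []
    for event in events:
        doc_id = event.get(key)
        if not doc_id:
            rejected.append(event)
            continue
        lines.append(json.dumps({"update": {"_index": index, "_id": doc_id}}))
        lines.append(json.dumps({"doc": event, "doc_as_upsert": True}))
    return lines, rejected


def apply_locally(lines):
    """Offline stand-in for Elasticsearch: apply the update pairs to a dict."""
    store = {}
    for action, body in zip(lines[0::2], lines[1::2]):
        doc_id = json.loads(action)["update"]["_id"]
        store.setdefault(doc_id, {}).update(json.loads(body)["doc"])
    return store


# Constructed sample events, one list per application stream.
STREAM_A = [{"ipadress": "10.0.0.1", "name": "foo", "age": 48}]
STREAM_B = [
    {"ipadress": "10.0.0.1", "location": "Paris", "sexe": "male"},
    {"location": "Lyon", "sexe": "female"},  # no join key: rejected
]

if __name__ == "__main__":
    # Arrival order does not matter: stream B is processed first here.
    lines, rejected = bulk_upsert_lines(STREAM_B + STREAM_A, "people")
    print("\n".join(lines) + "\n")  # a _bulk body must end with a newline
    print(apply_locally(lines), rejected)
```
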

I'm receiving data from two streaming inputs (two applications). I'm using Logstash to parse the data and then send it to Elasticsearch. Every input has many fields, with ipadress as the field in common with the other input.

After searching, I found that in this case it is possible to use the parent-child feature.
Is there any support for parent-child indexing in Logstash, please?
How can I index parents and children using Logstash?

Thanks in advance

I'd not use that feature unless there's no other choice. So I'd recommend that you check that it's absolutely necessary for your use case to use joins at search time.

But if you want to do it, I'd recommend asking that question in the #logstash channel.

Done, thanks
