Update by query using two indices

Ravi_Shanker_Reddy · November 14, 2017, 1:34pm

I have a index named "netdata" and the document looks likes this.

  {
    "_index": "netdata",
    "_type": "logs",
    "_id": "AV-6k3aG0ecAB0dXdmTW",
    "_score": 1,
    "_source": {
        "Location": "Bangalore",
      "cpu.cpu14.idle": 99.53465,
      "Vendor": "TeleDNA",
     "cpu.cpu15.idle": 97.9726967,
      "cpu.cpu11.idle": 96.5880863,
      "Date": 1510663664939,
      "HOST": "10.225.253.137",
      "Product": "SMSC",
    }
  }

I Have one more index name tps and document looks like this

{
        "_index": "netdata-tps",
        "_type": "logs",
        "_id": "AV-6lE010ecAB0dXdmd7",
        "_score": 1,
        "_source": {
          "Product": "SMSC",
          "Vendor": "TeleDNA",
          "HOST": "10.225.253.137",
          "tps": 4500,
          "Location": "Bangalore",
          "Date": 1510663200000
        }
      }

Both are inserted with one minute interval(1 entry for 1 minute in both indices).

Now the problem is I need the tps key in tps indices into netdata indices based on the minutes. Is it possible to merge based on the date field using update_by_query or any other methods????

thiago · November 17, 2017, 9:06pm

Elasticsearch does not support this out of the box. That would need to be implemented outside of Elasticsearch, maybe using Spark (if you data is large enough to justify using it).

system · December 15, 2017, 9:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.