Update by query using two indices

I have an index named "netdata" and the document looks like this.

  {
    "_index": "netdata",
    "_type": "logs",
    "_id": "AV-6k3aG0ecAB0dXdmTW",
    "_score": 1,
    "_source": {
      "Location": "Bangalore",
      "cpu.cpu14.idle": 99.53465,
      "Vendor": "TeleDNA",
      "cpu.cpu15.idle": 97.9726967,
      "cpu.cpu11.idle": 96.5880863,
      "Date": 1510663664939,
      "HOST": "10.225.253.137",
      "Product": "SMSC"
    }
  }

I have one more index named tps, and its document looks like this.

  {
    "_index": "netdata-tps",
    "_type": "logs",
    "_id": "AV-6lE010ecAB0dXdmd7",
    "_score": 1,
    "_source": {
      "Product": "SMSC",
      "Vendor": "TeleDNA",
      "HOST": "10.225.253.137",
      "tps": 4500,
      "Location": "Bangalore",
      "Date": 1510663200000
    }
  }

Both are inserted at a one-minute interval (1 entry per minute in both indices).

Now the problem is that I need the tps key from the tps indices merged into the netdata indices based on the minutes. Is it possible to merge based on the date field using update_by_query or any other method?

Elasticsearch does not support this out of the box. That would need to be implemented outside of Elasticsearch, maybe using Spark (if your data is large enough to justify using it).
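
A sketch of the client-side merge suggested in the answer above, as an added example that is not part of the original thread: it joins search hits from both indices on the minute of `Date` and builds a `_bulk` body of partial updates that add `tps` to the netdata documents. The join key (HOST, Product, minute) and the function names are assumptions; fetching the hits and posting the body to `_bulk` are left to the client.

```python
import json

MINUTE_MS = 60_000

def minute_bucket(epoch_ms):
    """Truncate an epoch-millisecond Date to the start of its minute."""
    return epoch_ms - epoch_ms % MINUTE_MS

def join_key(source):
    # Assumption: HOST + Product + minute identifies one sample in both indices.
    return (source["HOST"], source["Product"], minute_bucket(source["Date"]))

def build_bulk_updates(netdata_hits, tps_hits):
    """Return (_bulk NDJSON body, ids of netdata docs with no tps sample)."""
    tps_by_key = {join_key(h["_source"]): h["_source"]["tps"] for h in tps_hits}
    lines, unmatched = [], []
    for hit in netdata_hits:
        tps = tps_by_key.get(join_key(hit["_source"]))
        if tps is None:
            unmatched.append(hit["_id"])  # leave the document untouched
            continue
        meta = {k: hit[k] for k in ("_index", "_type", "_id")}
        lines.append(json.dumps({"update": meta}))
        lines.append(json.dumps({"doc": {"tps": tps}}))  # partial update
    return "".join(line + "\n" for line in lines), unmatched

def _hit(index, doc_id, date, **extra):
    # Helper for the constructed sample hits below (shape of a search hit).
    source = {"HOST": "10.225.253.137", "Product": "SMSC", "Date": date, **extra}
    return {"_index": index, "_type": "logs", "_id": doc_id, "_source": source}

# Sample hits: ids and dates of the two documents in the post, plus one
# constructed netdata document that falls in the same minute as the tps sample.
NETDATA_HITS = [
    _hit("netdata", "AV-6k3aG0ecAB0dXdmTW", 1510663664939),
    _hit("netdata", "constructed-1", 1510663230500),
]
TPS_HITS = [_hit("netdata-tps", "AV-6lE010ecAB0dXdmd7", 1510663200000, tps=4500)]

if __name__ == "__main__":
    body, unmatched = build_bulk_updates(NETDATA_HITS, TPS_HITS)
    print(body, end="")
    print("no tps sample for:", unmatched)
```

The two documents shown in the question fall in different minutes, so the netdata document from the post is reported as unmatched rather than updated.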
