I have 2 different indexes in Kibana: the first one is an early alert from something and the other one is when the user reports the event, so I need to visualize when the alert and the user report match.
So I can have a linear graph or a dispersion dots graph that allows me to compare and find when both index data match.
How can I do it?
As this would imply joining data from two indices, it's not possible directly in Elasticsearch today (we are working on it, though!).
You might be able to leverage transforms for this though: Transforming data | Elasticsearch Guide [8.3] | Elastic
Create a transform on both the early alert and the user report index, pivot on the event id field (the join key basically) and record the number of documents as the metric - if there are two documents, then the event was recognized by alerting and subsequently reported.
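The transform described in the answer above, written out as a request body for the create transform API (`PUT _transform/alert-report-match`). This is an added example, not part of the original reply: the transform id, the index names `early-alerts` and `user-reports`, and the fields `event_id` and `@timestamp` are assumptions. It goes one step beyond the plain document count by also counting per source index, so that two alerts for the same event are not mistaken for an alert plus a report.

```json
{
  "description": "Added example: index and field names are assumed, not taken from the thread",
  "source": {
    "index": ["early-alerts", "user-reports"]
  },
  "dest": {
    "index": "alert-report-match"
  },
  "pivot": {
    "group_by": {
      "event_id": {
        "terms": { "field": "event_id" }
      }
    },
    "aggregations": {
      "doc_count": {
        "value_count": { "field": "event_id" }
      },
      "alert_docs": {
        "filter": { "term": { "_index": "early-alerts" } }
      },
      "report_docs": {
        "filter": { "term": { "_index": "user-reports" } }
      },
      "first_seen": {
        "min": { "field": "@timestamp" }
      },
      "last_seen": {
        "max": { "field": "@timestamp" }
      }
    }
  }
}
```

In the destination index, a document with both `alert_docs` and `report_docs` greater than zero is an event that was alerted and then reported, and `first_seen` can serve as the time axis in a Kibana chart. The `_index` filters assume concrete index names; with aliases or data streams the stored `_index` value is the backing index name.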
Thank you for your quick reply; let me check how it works for me as soon as possible and then I will come back and tell you.