Workaround for 'JOIN' in Kibana/ES

seth.yes · October 31, 2017, 4:45pm

I use Elasticsearch to document URLs requested by users.

I know that since this is a NoSQL database, there are issues with performing joins. I've read up on nested queries as well as parent/child aggregations, but am unsure if they'll solve my issue:

I need to find URLs accessed by a certain user, which were then later accessed by any other user.

I know in SQL I could do a join, e.g.

get 
  URL as infra_url,
   timestamp as infra_timestamp
     from url_index
     where username = 'infra' 
Join 
  URL as user_url,
   timestamp as user_timestamp
     from url_index
     where username != 'infra' 
     
     where infra_url = user_url and infra_timestamp < user_timestamp

Is there a similar way to perform this is Kibana/ES? I'm currently using the v5.6.2 stack.

shanec · November 2, 2017, 11:25pm

You need to do one of a few things:

Index the URL with infra/user nested/sub-objects/child docs
Perform multiple queries

If you're using Kibana, you'll really need to completely denormalize on index and just shove it all into the same doc.

Topic		Replies	Views
Can we perform joins on the Indexes in ES? Kibana	3	323	May 29, 2018
How to Correlate Data? Kibana	5	7630	May 25, 2018
Can we use SQL Join in elastic query? Elasticsearch	29	1292	September 27, 2019
Is it possible to join queries Elasticsearch	2	2198	July 5, 2017
How can I query this? (Kibana / Elasticsearch) Elasticsearch	2	464	April 27, 2017

Workaround for 'JOIN' in Kibana/ES

Related topics