Workaround for 'JOIN' in Kibana/ES

seth.yes · October 31, 2017, 4:45pm

I use Elasticsearch to document URLs requested by users.

I know that since this is a NoSQL database, there are issues with performing joins. I've read up on nested queries as well as parent/child aggregations, but am unsure if they'll solve my issue:

I need to find URLs accessed by a certain user, which were then later accessed by any other user.

I know in SQL I could do a join, e.g.

get 
  URL as infra_url,
   timestamp as infra_timestamp
     from url_index
     where username = 'infra' 
Join 
  URL as user_url,
   timestamp as user_timestamp
     from url_index
     where username != 'infra' 
     
     where infra_url = user_url and infra_timestamp < user_timestamp

Is there a similar way to perform this is Kibana/ES? I'm currently using the v5.6.2 stack.

shanec · November 2, 2017, 11:25pm

You need to do one of a few things:

Index the URL with infra/user nested/sub-objects/child docs
Perform multiple queries

If you're using Kibana, you'll really need to completely denormalize on index and just shove it all into the same doc.

system · November 30, 2017, 11:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can we perform joins on the Indexes in ES? Kibana	3	266	May 29, 2018
Inner_hits with Kibana visualizations Kibana	6	912	December 20, 2017
How to Correlate Data? Kibana	5	7432	May 25, 2018
Join indexes in Kibana Kibana	3	2308	June 1, 2021
Joining data in the same index? Kibana	2	838	July 6, 2017

Workaround for 'JOIN' in Kibana/ES

Related topics