How to perform JOIN operation in Elasticsearch
How do I perform a join operation in Elasticsearch on the same index?
This is the set of fields for each document:
{
  "@version": "1",
  "@timestamp": "2016-04-26T15:56:05.379Z",
  "phone": "...",
  "path": "...",
  "host": "...",
  "type": "...",
  "clientip": "...",
  "ident": "-",
  "auth": "-",
  "timestamp": "...",
  "verb": "...",
  "uripath": "...",
  "httpversion": "1.1",
  "response": "200",
  "bytes": "515",
  "timetaken": "383",
  "event_type": "type1"
}
If phone of documents have (event_type of type1, timestamp between date1, date2), (event_type of type2, timestamp between date3, date4)
In MySQL I am thinking of a join between 2 views.
It might not be an optimized request, but it worked:
{
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "should": [
            {
              "bool": {
                "must": [
                  { "range": { "timestamp": { "lte": date1, "gte": date2 } } },
                  { "term": { "event_type": "type1" } }
                ]
              }
            },
            {
              "bool": {
                "must": [
                  { "range": { "timestamp": { "lte": date3, "gte": date4 } } },
                  { "term": { "event_type": "type2" } }
                ]
              }
            }
          ]
        }
      }
    }
  }
}
It returns documents that have event_type of type1 and timestamp between date1 and date2, and documents that have event_type of type2 and timestamp between date3 and date4.
The bool should returns documents that respect either part.
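The query above returns the union of the two groups, so finding phones that appear in both still requires grouping the hits by phone on the client. The following is an added example, not code from the original post; it mimics the should filter locally over constructed sample documents, and the helper names, phone values and date windows are assumptions.

```python
from datetime import datetime

# Constructed sample documents, using field names from the question.
DOCS = [
    {"phone": "555-0001", "event_type": "type1", "timestamp": "2016-04-26T10:00:00"},
    {"phone": "555-0001", "event_type": "type2", "timestamp": "2016-04-27T09:30:00"},
    {"phone": "555-0002", "event_type": "type1", "timestamp": "2016-04-26T11:00:00"},
    {"phone": "555-0003", "event_type": "type2", "timestamp": "2016-04-27T12:00:00"},
    {"phone": "555-0004", "event_type": "type1", "timestamp": "2016-04-20T08:00:00"},
    {"phone": "555-0004", "event_type": "type2", "timestamp": "2016-04-27T08:00:00"},
]

def clause(event_type, start, end):
    """One side of the join: an event type plus an inclusive time window."""
    return {"event_type": event_type,
            "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end)}

def matches(doc, c):
    """True if the document satisfies both the term and the range of a clause."""
    ts = datetime.fromisoformat(doc["timestamp"])
    return doc["event_type"] == c["event_type"] and c["start"] <= ts <= c["end"]

def should_hits(docs, clauses):
    """Mimics the bool/should filter: a document is a hit if ANY clause matches."""
    return [d for d in docs if any(matches(d, c) for c in clauses)]

def join_on_phone(hits, clauses):
    """Keep only phones that have at least one hit for EVERY clause."""
    seen = {}
    for d in hits:
        for i, c in enumerate(clauses):
            if matches(d, c):
                seen.setdefault(d["phone"], set()).add(i)
    return sorted(p for p, idx in seen.items() if len(idx) == len(clauses))

# Assumed windows standing in for date1..date4.
CLAUSES = [
    clause("type1", "2016-04-26T00:00:00", "2016-04-26T23:59:59"),
    clause("type2", "2016-04-27T00:00:00", "2016-04-27T23:59:59"),
]

if __name__ == "__main__":
    hits = should_hits(DOCS, CLAUSES)
    print(len(hits), "hits from the should filter")
    print("phones present in both windows:", join_on_phone(hits, CLAUSES))
```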