I am having a hard time with an ES join query. I googled a lot but found nothing helpful, so I am asking here.
I have 2 indices, whose mappings are:
Mapping for index logs:
"logs": {
  "properties": {
    "timestamp": {"type": "date"},
    "host": {"type": "keyword"},
    "log": {"type": "text"}
  }
}
Mapping for index versions:
"versions": {
  "properties": {
    "host": {"type": "keyword"},
    "version": {"type": "keyword"}
  }
}
Suppose I have data like this:
Data for logs:
timestamp:1, host:a1, log: "sample log1"
timestamp:2, host:a1, log: "sample log2"
timestamp:3, host:a1, log: "sample log3"
timestamp:1, host:a2, log: "sample log4"
timestamp:2, host:a2, log: "sample log5"
timestamp:3, host:a2, log: "sample log6"
timestamp:1, host:a3, log: "sample log7"
timestamp:2, host:a3, log: "sample log8"
timestamp:3, host:a3, log: "sample log9"
Data for versions:
host:a1, version:v1
host:a2, version:v1
host:a3, version:v2
What I want to query is: "Find all logs of hosts whose version is equal to v1"
The result should be:
timestamp:1, host:a1, log: "sample log1"
timestamp:2, host:a1, log: "sample log2"
timestamp:3, host:a1, log: "sample log3"
timestamp:1, host:a2, log: "sample log4"
timestamp:2, host:a2, log: "sample log5"
timestamp:3, host:a2, log: "sample log6"
How should I do it? Please help.
Elasticsearch is not a relational database, and therefore does not support joins.
The only ways to work around this, with many cons, are to use either parent-child (or the join data type in v6) or nested docs.
** Both options are not that scalable and may introduce performance issues.
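
The join data type option mentioned in the answer, applied to the question's data, as an added example that is not part of the original posts. A join field only relates documents within one index, so the sketch merges `versions` and `logs` into a single index; the join field name `relation` and the relation names `version` and `log` are assumptions made for this example, and the sample data is constructed from the question.

```python
import json

# Constructed sample data, copied from the question's two indices.
VERSIONS = [{"host": "a1", "version": "v1"}, {"host": "a2", "version": "v1"},
            {"host": "a3", "version": "v2"}]
LOGS = [{"timestamp": t, "host": h, "log": f"sample log{3 * i + t}"}
        for i, h in enumerate(("a1", "a2", "a3")) for t in (1, 2, 3)]

# Properties for the single combined index. "relation" is the join field;
# its name and the relation names "version" -> "log" are assumptions.
JOIN_PROPERTIES = {
    "timestamp": {"type": "date"},
    "host": {"type": "keyword"},
    "log": {"type": "text"},
    "version": {"type": "keyword"},
    "relation": {"type": "join", "relations": {"version": "log"}},
}

def bulk_actions(versions, logs):
    """Return (action, source) pairs for the _bulk API: one parent document
    per host, and each log as a child routed to its parent's shard."""
    known = {v["host"] for v in versions}
    pairs = [({"index": {"_id": v["host"]}}, {**v, "relation": "version"}) for v in versions]
    for entry in logs:
        host = entry["host"]
        if host not in known:
            raise ValueError(f"log for host {host!r} has no version document")
        # A child must be routed by its parent's id, or has_parent will not find it.
        pairs.append(({"index": {"routing": host}},
                      {**entry, "relation": {"name": "log", "parent": host}}))
    return pairs

def to_ndjson(pairs):
    """Serialize the pairs as the newline-delimited body that _bulk expects."""
    return "".join(json.dumps(part) + "\n" for pair in pairs for part in pair)

def logs_for_version(version):
    """Search body: child log documents whose parent has the given version."""
    return {"query": {"has_parent": {"parent_type": "version",
                                     "query": {"term": {"version": version}}}}}
```

Changing a host's version then means updating one parent document rather than every log line, at the cost of keeping both document kinds in one index and paying the join overhead at query time.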