
I have two indexes, "indexname" and "indexnamelookup", in my Elasticsearch instance. I have created the index pattern indexname* in Kibana and am trying to join two fields: "IP" (a field in indexname) and "location.IP" (a field in indexnamelookup).

GET /indexname*/_search?q=*
{
    "query": {
        "multi_match": {
            "query": "",
            "fields": [
                "IP",
                "location.IP"
            ]
        }
    }
}

The above query works fine in Elasticsearch, but it does not work in Kibana. Has anyone else faced a similar situation?

1 Answer

  1. The ?q=* in your query turns it into a match all that ignores the body.
  2. I assume we're talking about Discover in Kibana: The query location.IP : "foo" or IP : "foo" will work.
  3. Alternatively you can use your Elasticsearch query in Kibana as well if you add a filter and then use the Query DSL:
