Hi, is it possible to have an output from an intersection of data that are in two different indices or fields? Example: we have a list of botIP in Elasticsearch, and another index where we capture data from the firewall.
We want the list that matches a predetermined field (for example DST.IP) taken from the firewall (real-time log) and the botIP list (mostly static). It is like a "real time" intersect in SQL.

    INSERT INTO table_a VALUES (1, 'A'), (2, 'B'), (3, 'B');
    INSERT INTO table_b VALUES (1, 'B');

    SELECT value FROM table_a
    INTERSECT
    SELECT value FROM table_b;

     value
    -------
     B

John