I have recently switched from Splunk to Elastic in a pursuit to explore an open source platform for performing descriptive analytics on my log data.

Until now, based on a few Elastic query tutorials, I have found that the Elastic DSL is a bit less advanced in providing the nicely packaged features that are there in Splunk. With Splunk, I can do a lot of things which are difficult or nearly impossible for me at the moment to replicate. I am using nearly 20+ features from Splunk which are not there in Elastic. I am doing a feature-wise study to establish functional correspondence between Splunk and Elastic, but I would appreciate it if someone could help me out in replicating similar behavior. The features are:

1. Join - SQL-like join
2. Pipe (|) - Feed subsearch output to the next query
3. dedup - remove duplicate documents
4. eval - add a new field to a document at search time
5. chart - a feature similar to stats
6. rex - a search-time field extractor
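As an added illustration (not part of the original post or any reply to it), one `_search` request body that covers items 2 through 6 with native Elasticsearch DSL: `runtime_mappings` plays the role of `eval` (a derived `bytes_kb` field) and `rex` (a grok pattern extracting `src_ip` from `message`); the `terms` lookup filter feeds the contents of another document into the query, which is the closest server-side analogue of piping a subsearch; `collapse` approximates `dedup` on `session_id`; and the nested `terms`/`date_histogram`/`sum` aggregations are the `chart`/`stats` equivalent. It assumes Elasticsearch 7.11 or later (runtime fields), a `message` field mapped as `keyword`, a numeric `bytes` field, and a hypothetical `watchlist` index holding a document `suspicious-users` with a `users` array; all index and field names are constructed for the example. There is no server-side SQL `join` in Elasticsearch; denormalizing at ingest time or a join-type (parent/child) mapping are the usual substitutes.

```json
{
  "size": 50,
  "runtime_mappings": {
    "src_ip": {
      "type": "ip",
      "script": {
        "source": "String ip = grok('%{IP:ip}').extract(doc['message'].value)?.ip; if (ip != null) emit(ip);"
      }
    },
    "bytes_kb": {
      "type": "double",
      "script": { "source": "emit(doc['bytes'].value / 1024.0)" }
    }
  },
  "query": {
    "bool": {
      "filter": [
        { "range": { "@timestamp": { "gte": "now-24h" } } },
        {
          "terms": {
            "user.name": {
              "index": "watchlist",
              "id": "suspicious-users",
              "path": "users"
            }
          }
        }
      ]
    }
  },
  "collapse": { "field": "session_id" },
  "aggs": {
    "by_user": {
      "terms": { "field": "user.name", "size": 10 },
      "aggs": {
        "over_time": {
          "date_histogram": { "field": "@timestamp", "calendar_interval": "1h" }
        },
        "total_kb": { "sum": { "field": "bytes_kb" } }
      }
    }
  }
}
```

Send it as `POST /<your-log-index>/_search`; note that `collapse` only de-duplicates the returned hits, while the aggregations still count every matching document, so a true `dedup` before `stats` needs a `cardinality` aggregation or a `terms` aggregation keyed on `session_id` instead.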