Re: Linking of query/search

[Alex Kamil]

you can combine ES with RDBMS, and run your SQL queries either directly
against db, or pull data via JDBC River into ES, I wrote about it here:
http://lessc0de.github.io/connecting_hbase_to_elasticsearch.html


On Fri, Sep 12, 2014 at 10:55 AM, Ivan Brusic  wrote:

> You cannot join documents in Lucene/Elasticsearch (at least not like a
> RDBMS). You would need to either denormalize your data, join on the client
> side or execute 2+ queries.
>
> --
> Ivan
>
> On Fri, Sep 12, 2014 at 12:45 AM,  wrote:
>
>> Hello!
>>
>> Can anyone shine some light on my question?
>> Is the query in question achievable in ES directly?
>>
>> If not, I can probably do that in application later, but it would be
>> nicer if ES could serve me the final results.
>>
>> Matej
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearch+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/6f3345f2-4b25-4b06-b203-4ad0de201e8f%40googlegroups.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQBgybZpCz1bKV%3DE7XF_cHGDuFKS1wruKNAYZTbo8t0jvA%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAOtKWX623repUH5k2XbkFBFNu-b3cSKyObuyf793AVhOt3Gb-Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Linking of query/search

[Ivan Brusic]

You cannot join documents in Lucene/Elasticsearch (at least not like a
RDBMS). You would need to either denormalize your data, join on the client
side or execute 2+ queries.

-- 
Ivan

On Fri, Sep 12, 2014 at 12:45 AM,  wrote:

> Hello!
>
> Can anyone shine some light on my question?
> Is the query in question achievable in ES directly?
>
> If not, I can probably do that in application later, but it would be nicer
> if ES could serve me the final results.
>
> Matej
>
>  --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/6f3345f2-4b25-4b06-b203-4ad0de201e8f%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQBgybZpCz1bKV%3DE7XF_cHGDuFKS1wruKNAYZTbo8t0jvA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Linking of query/search

[matej . zerovnik]

Hello!

Can anyone shine some light on my question?
Is the query in question achievable in ES directly?

If not, I can probably do that in application later, but it would be nicer 
if ES could serve me the final results.

Matej

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/6f3345f2-4b25-4b06-b203-4ad0de201e8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Linking of query/search

[matej . zerovnik]

I'm currently evaluating using ES and logstash as a central log management. 
Aside from storing logs in ES, I will need to do some querying and reports 
as well. This is where I get into troubles, because I'm not sure how to 
solve the following problem.

I have a service, where a certain user logs in via web page. That login is 
logged in apache log. Login is then further forwarded to Radius server(logs 
to his log file) and from there, to LDAP server, which also logs to his own 
file. I would like to extract information(last log line) for a certain user 
to figure out, where the login failed(http,radius or ldap). This would be a 
script for helpdesk, to quickly check where login stopped and investigate 
further.


In SQL database, I could just link(=) fields in database and get a match. 
Something like
SELECT httpd.username, httpd.full_log_message, radius.full_log_message, 
ldap.full_log_message
FROM httpd,radius,ldap
WHERE httpd.login = radius.login AND radius.login = ldap.login
LIMIT 1

Can I achieve that in elasticsearch?
How is that called in elasticsearch?
Can someone provide an example or link to it?

Thanks, Matej

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/c8a239e8-a1ac-43d9-bc2d-3ce58cc204c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.