Joins in Kibana 4 to Fetch Data From Multiple Indexes

Question

I have elasticsearch indexes which contain data for different machines regarding their performance. There are two types of indexes, first type contains information only about machines e.g its geo-location etc while the other type contains combined data of all the machines regarding performance with respect to some parameters over the time.

We want to visualize this data in Kibana Tile Map by showing each machine on the map and aggregate the performance for that machine. For this we will have to fetch machine location from first index and then fetch the data for that specific machine from other indexes and show the performance measures for that machine on the map.

This work is similar to join in SQL. After carrying out some research I have found that Kibana does not support any type of joins.

While searching I also found out that ES supports Parent/Child relationships which is somewhat like Joins but Kibana does not support it.

https://www.elastic.co/guide/en/elasticsearch/guide/current/parent-child.html

So is there any other solution to solve this problem? Or I will have to merge these two indexes into one?

I have seen these topics too but they do not help as my problem is Kibana 4 specific and all ES queries can not be applied to Kibana. Join query in ElasticSearch Kibana - join in the same index

Answer 1

Kibana can join up data from many indexes, the key is that they have to have the exact same timestamp field name. In Logstash we use "@timestamp". So as long as both your indexes use "@timestamp" (or whatever you named it) you can setup Kibana to pull and combine those two indexes. On the settings tab you just need to define a pattern that will match both indexes.