Hi, I am trying to retrieve information from 3 different indexes, that share one field that is the same. My indexes and their respective fields are: discharge - (doc_id, time) patients - (patient_id, gender, age) admissions - (disch, race) Patient_id is in every document within all three indexes. I would like to return a search where I get: patient_id, gender, age, disch, race, doc_id, time I only need 1 row per patient_id, so I don't need to deal with cases where theres multiple ages for a patient and the like. In SQL it would be something like: SELECT a.doc_id, a.patient_id, b.race ..read more

I saw ESQL in technical preview and thought.. ahh it is like Splunk and Arcsight Logger. Having used it, I feel like they also are copying the performance of Logger as well. I was excited about using it because it fit well with an application I am trying to make. The development box we have isn't massive, but it runs regular queries pretty fast. If I run queries on the same dataset using ESQL the performance is really poor with results taking minutes. My question: When I do something like FROM X | WHERE Y... does this mean that it first reads the entire dataset and then filters it as opposed ..read more

Hello, I have setup a new ubuntu server and I wish to move my dashboard from my old setup to the new one. Is there an api to do it? Or the only thing I can do is to manually copy everyting from old server to new one? submitted by /u/Artistic_Weather1023 [visit reddit] [comments ..read more

I have a saved search that I'm creating a pivot transform from. There's a few aggregations and one group-by term. Continuous update is on. It keeps failing, some test transforms I've created have worked, but the transforms I'm creating for the saved search keep failing. I'm not sure why some test transforms work and all actual transforms fail. The error I get is usually "backend connection failed" or "load failed". If it matters I get an error in the transform saying ". I feel like it's a simple fix but I'm not sure what I'm doing wrong submitted by /u/Rizzmiz [visit reddit] [comments ..read more

{ "query": { "bool": { "filter": [ { "term": { "org_id": "ORGg5xkdx1fd6vy" } }, { "term": { "is_active": true } } ], "should": [ { "match": { "color": { "query": "yel", "operator": "and", "fuzziness": "0", "analyzer": "ngram_analyzer" } } }, { "match": { "color": { "query": "yel", "operator": "or", "fuzziness": "0", "analyzer": "ngram_analyzer" } } } ] } }, "aggs": { "group_by_color": { "terms": { "field": "color.keyword", "size": 20 } } } } This is returning 5 yellow , 4 blue, 4 orange 2 red . i want uniqueness of colors that is 1 yellow 1 blue 1 orange and 1 red . i have applied aggs gro ..read more

These are the logs that are printed last on ES, but whenever I try to reach host-ip:9290 or 9390 i get failed to connect via curl command, if i try to use rest client in java i get an exception with 503 service unavailable any idea why this is happening? [2024-04-24T08:32:27,153][INFO ][o.e.g.GatewayService ] [CLUSTER-NODE1] recovered [98] indices into cluster_state [2024-04-24T08:32:30,952][INFO ][c.f.s.c.IndexBaseConfigurationRepository] [CLUSTER-NODE1] Search Guard License Info: No license needed because enterprise modules are not enabled [2024-04-24T08:32:30,952][INFO ][c.f.s.c.IndexBaseC ..read more

I have installed the elastic defender agent on a kali machine and ran a few nmap scans. But these nmap scans are not appearing in the streaming logs in Kibana observability. However all other kinds of logs are appearing. I went through the config file of Elastic Defender to add the path to nmap logs. But I did not find the path anywhere on Kali. Google also is not helpful in this regard. Am I misunderstanding something? Thank you for your time. submitted by /u/flubbergrubbery [visit reddit] [comments ..read more

Hey all! I know what you're thinking, use Geogrid for this! I tried it but it doesn't work in my scenario. My problem is as follows. I store positional data from data points from a game into Elasticsearch. I'm trying to generate heat maps based on this positional data. The problem with Geogrid is that it requires my data to be positioned on the earth, but it's not, it's positioned on a flat-plane map of a game. I'm trying to figure out if I can write an aggregation that will take the X and Y coordinate, along with the bounding box of the map, and output something like this: ​ 0 1 2 5 8 ..read more

Hi all, I have a question related to semantic search — I have a use case that I would like to use search query to search against multiple fields of the docs. Say I have docs like company, department, employee_name, employee_introduction_text Google, Chrome, John Doe, 10 YOE, like hiking with my dog. Tesla, TeslaBot, Mike Doe, 5 YOE, like playing video games. Tesla, Infra, Charles Gao, 12 YOE, like playing video games. If I have a search query Who is in department TeslaBot that likes playing video games, I would like it to return the second row only. How should I vectorize my doc so that I ..read more

Is there a way to write an Elastic Agent policy *with* integrations in a file ahead of time instead of using Kibana? I found an Stack OverFlow post mentioning a GitHub Issue, but it seems the conversation has gone stale: https://github.com/elastic/kibana/issues/88956 submitted by /u/cyberphor [visit reddit] [comments ..read more