Splunk to Elasticsearch datamodel translation - elasticsearch

I'm trying to convert Splunk searches to Elasticsearch searches. The one problem I'm having is what to do with Splunk's datamodels. How would I transfer performing the search in a specific datamodel in Splunk to an Elasticsearch search?
For example, in a Splunk search:
tstats summariesonly=T count from datamodel="Web"........
What would be the Elasticsearch equivalent to performing the search in the "Web" datamodel?
Any help, no matter how small will help indeed. Thank you

Open the query in search and use the search inspector. The inspector will show you which query Splunk has actually executed.
While tstats searches index-time fields, you will have to reproduce all datamodel fields and aggregations (i.e. datamodel acceleration), and this is not an easy task, if at all possible.
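As an added illustration of the mechanical part of that translation (this is example code, not from the question or answer), the function below turns the narrow case of a `tstats count from datamodel=... by ...` search into an Elasticsearch request with nested terms aggregations. The index pattern and the datamodel-to-ECS field names are assumptions; `summariesonly` is dropped because Elasticsearch has no accelerated-summary equivalent, and any field or syntax outside the mapping is rejected rather than silently mistranslated.

```python
import re

# Constructed mapping (an assumption for this example, not a published
# mapping): Splunk CIM datamodel name -> Elasticsearch index pattern and
# datamodel field -> ECS-style field name.
DATAMODEL_MAP = {
    "Web": {
        "index": "logs-web-*",
        "fields": {
            "Web.src": "source.ip",
            "Web.dest": "destination.domain",
            "Web.status": "http.response.status_code",
            "Web.uri_path": "url.path",
        },
    },
}

# Accepts only: [|] tstats [opt=val ...] count from datamodel=NAME [by f1, f2]
TSTATS_RE = re.compile(
    r'^\s*\|?\s*tstats\b(?P<opts>(?:\s+\w+=\S+)*)\s+count\s+from\s+'
    r'datamodel="?(?P<dm>\w+)"?'
    r'(?:\s+by\s+(?P<by>[\w.]+(?:\s*,\s*[\w.]+)*))?\s*$'
)


def translate_tstats_count(search: str) -> dict:
    """Translate a minimal tstats count search into {"index", "body"}.

    Options such as summariesonly=T are parsed but ignored: there is no
    accelerated summary on the Elasticsearch side, so the query always
    runs over the raw events in the mapped index pattern.
    """
    m = TSTATS_RE.match(search)
    if not m:
        raise ValueError(f"unsupported tstats syntax: {search!r}")
    dm = DATAMODEL_MAP.get(m.group("dm"))
    if dm is None:
        raise ValueError(f"no mapping for datamodel {m.group('dm')!r}")
    body = {"size": 0, "track_total_hits": True}  # count == total hits
    parent = body
    for field in [f.strip() for f in (m.group("by") or "").split(",") if f.strip()]:
        es_field = dm["fields"].get(field)
        if es_field is None:
            raise ValueError(f"datamodel field {field!r} has no ES equivalent")
        # Each 'by' field becomes one more level of terms aggregation.
        agg_name = "by_" + field.split(".")[-1]
        parent["aggs"] = {agg_name: {"terms": {"field": es_field, "size": 100}}}
        parent = parent["aggs"][agg_name]
    return {"index": dm["index"], "body": body}
```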

Related

Is there an elasticsearch equivalent to the Solr Terms Component?

I want to take a look at the actual terms in an Elasticsearch index. In Solr, I can just open the admin and get a list of the most common terms. Is there an Elasticsearch equivalent of this?

How about including JSON doc version? Is it possible for elastic search, to include different versions of JSON docs, to save and to search?

We are using ElasticSearch to save and manage information on complex transactions. We might need to add more information for every transaction in the near future.
How about including JSON doc version?
Is it possible for elastic search, to include different versions of JSON docs, to save and to search?
How does this affect performance on ElasticSearch?
It's completely possible. By default Elastic uses dynamic mappings for every new document, such as your JSON documents, to index them. For each field in your documents Elastic creates a table called an inverted index, and the search queries are executed against them, so regardless of your field variation, as long as you know which field you want to query, the data throughput and performance will not be affected.

Elastic Enterprise Search - Is it a best practice to index data of two different json schema in a single index

Hi I'm trying out Elastic Enterprise Search with Elasticsearch. I have a couple of questions on data indexing.
When referring to the Elasticsearch documentation, I read that there is a limit to the number of fields that an Elasticsearch index can have. Since Elasticsearch is used with Elastic Enterprise Search, I believe there is no arguing that the same applies here. In that case, let's say I have multiple document types with various fields. For example Person.json and Dog.json, which both have different properties. So when indexing I use one search engine in Elastic Enterprise Search to index both Person and Dog, so that when I query using the Elastic Enterprise Search API I'll get results which are both Person and Dog depending on the search term.
Is this the way to go, or should I specify a separate search engine for each schema type?
I am assuming that your person.json and dog.json contain different fields, as your heading suggests, and whether to create a separate index for these entities or have them in a single index depends on the various use-cases you have in your application. You will not find Elasticsearch marking one approach as better than the other; it mainly explains the pros/cons based on a particular context (like relevance, performance, management etc.).
Please refer to this SO answer of mine, where I talked about the various pros/cons of both approaches, and the discussion in chat for more context on why the OP chose an approach based on his use-case after knowing the pros/cons.

How to add document feature information (extracted from other sources) to an existing Elasticsearch index?

I have an Elasticsearch index of documents, and I had run topic modeling (LSI) on it before. I want to add the topic modeling feature into the existing Elasticsearch index for on-the-fly similarity search. It would be a great help if someone could show the solution.
Thank you.

Get data of similar record in elastic search in million records

Can we use the MLT concept of ES to filter documents with similar fields? Is it possible to give weight to the individual fields? What are Elasticsearch's recommendations?
Yes, you can: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-function-score-query.html According to your fields, this could be easy or difficult.