join two seperate log files in logstash or elastic search to view in a single line in kibana?

Asked Jun 08 '20 at 17:51

Active Jun 08 '20 at 17:51

Viewed 92 times

I have two log files like this: Log File 1: page,pagedescription,pagetype

Log File 2: page,userid,userpageaccess

The final output i want in kibana is single line: page,userid,userpageaccess,pagedescription,pagetype

Basically a join on page column or a left outer join or merge on page column so that when i select fields from two log files i can see in one line, please guide if there is any solution in logstash or elasticsearch a small code snippet or explanation will solve

asked Jun 08 '20 at 17:51

Rushabh Doshi

You can achieve what you need using an enrich index, as described in my other answer here: https://stackoverflow.com/questions/58952346/using-a-search-template-in-an-ingest-pipeline/59047019#59047019 – Val Jun 09 '20 at 06:40
would like to do join without using x-pack feature – Rushabh Doshi Jun 09 '20 at 07:46
It's an XPack feature, but it's free and available with the Basic license. – Val Jun 09 '20 at 07:48

join two seperate log files in logstash or elastic search to view in a single line in kibana?

0 Answers0