IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Performing full SQL-style joins in a distributed system like Elasticsearch is prohibitively expensive. Instead, Elasticsearch offers two forms of join which are designed to scale horizontally.
Documents may contain fields of type nested. These fields are used to index arrays of objects, where each object can be queried (with the nested query) as an independent document.
A join field relationship can exist between documents within a single index. The has_child query returns parent documents whose child documents match the specified query, while the has_parent query returns child documents whose parent document matches the specified query.
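The matching semantics of the two join forms above, as an added in-memory model in Python (not Elasticsearch code and not part of the original documentation). All documents, field names and helper functions are constructed for illustration; the comparison with a plain, non-nested object array goes beyond what this page states.

```python
# Simplified model of nested and join-field matching. Constructed example only.

# Constructed sample: documents with a "comments" array of objects.
POSTS = [
    {"id": "p1", "comments": [{"author": "alice", "stars": 1},
                              {"author": "bob", "stars": 5}]},
    {"id": "p2", "comments": [{"author": "alice", "stars": 5}]},
]

def flattened_match(doc, path, conditions):
    """Plain object array: each field is a flat list of values, so the
    conditions may be satisfied by different objects in the array."""
    return all(any(obj.get(f) == v for obj in doc[path])
               for f, v in conditions.items())

def nested_match(doc, path, conditions):
    """nested field: each object is an independent document, so a single
    object must satisfy every condition."""
    return any(all(obj.get(f) == v for f, v in conditions.items())
               for obj in doc[path])

# Constructed sample: parents and children in one index, linked by a join field.
INDEX = [
    {"id": "q1", "join": {"name": "question"}, "title": "tls pinning"},
    {"id": "q2", "join": {"name": "question"}, "title": "key rotation"},
    {"id": "a1", "join": {"name": "answer", "parent": "q1"}, "votes": 7},
    {"id": "a2", "join": {"name": "answer", "parent": "q2"}, "votes": 0},
]

def has_child(index, child_type, pred):
    """Return ids of parent documents with at least one matching child."""
    parent_ids = {d["join"]["parent"] for d in index
                  if d["join"]["name"] == child_type and pred(d)}
    return [d["id"] for d in index if d["id"] in parent_ids]

def has_parent(index, parent_type, pred):
    """Return ids of child documents whose parent document matches."""
    parents = {d["id"] for d in index
               if d["join"]["name"] == parent_type and pred(d)}
    return [d["id"] for d in index if d["join"].get("parent") in parents]

if __name__ == "__main__":
    wanted = {"author": "alice", "stars": 5}
    print([d["id"] for d in POSTS if flattened_match(d, "comments", wanted)])
    print([d["id"] for d in POSTS if nested_match(d, "comments", wanted)])
    print(has_child(INDEX, "answer", lambda d: d["votes"] > 0))
    print(has_parent(INDEX, "question", lambda d: "rotation" in d["title"]))
```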
Also see the terms-lookup mechanism in the
query, which allows you to build a
terms query from values contained in