Performing full SQL-style joins in a distributed system like Elasticsearch is prohibitively expensive. Instead, Elasticsearch offers two forms of join which are designed to scale horizontally.
Documents may contain fields of type nested. These fields are used to index arrays of objects, where each object can be queried (with the nested query) as an independent document.
A join field relationship can exist between documents within a single index. The has_child query returns parent documents whose child documents match the specified query, while the has_parent query returns child documents whose parent document matches the specified query.
Also see the terms-lookup mechanism in the terms query, which allows you to build a terms query from values contained in
Allow expensive queries
Joining queries will not be executed if search.allow_expensive_queries is set to false.
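An application that forwards user-supplied search bodies can apply the same policy before a request reaches the cluster. The following is an added example, not code from the Elasticsearch documentation: it walks a query DSL body and reports every nested, has_child and has_parent clause. The function names and the sample body are constructed for illustration.

```python
# Added example: conservative pre-flight check for joining queries.
# Function names and SAMPLE_BODY are constructed for illustration.
JOINING_QUERIES = {"nested", "has_child", "has_parent"}


def find_joining_queries(node, path="$"):
    """Return (json_path, query_type) for every joining clause in a body."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            # A query clause is a key whose value is an object, so a mapping
            # entry such as {"type": "nested"} is not reported. A document
            # field that is itself named "nested" would be (fails closed).
            if key in JOINING_QUERIES and isinstance(value, dict):
                hits.append((child, key))
            hits.extend(find_joining_queries(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_joining_queries(item, f"{path}[{i}]"))
    return hits


def check_search_body(body, allow_joining=False):
    """Raise ValueError if the body uses joining queries that are not allowed."""
    hits = find_joining_queries(body)
    if hits and not allow_joining:
        found = ", ".join(f"{kind} at {where}" for where, kind in hits)
        raise ValueError(f"joining queries not permitted: {found}")
    return hits


SAMPLE_BODY = {  # constructed request body
    "query": {"bool": {
        "must": [
            {"match": {"title": "quarterly report"}},
            {"nested": {"path": "comments",
                        "query": {"match": {"comments.author": "alice"}}}},
        ],
        "filter": {"has_child": {"type": "answer",
                                 "query": {"match_all": {}}}},
    }}
}

if __name__ == "__main__":
    for where, kind in find_joining_queries(SAMPLE_BODY):
        print(f"{kind:<10} {where}")
```

The check scans the whole body rather than only the top-level query key, so joining clauses placed in other parts of the request are reported as well.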