Limitationsedit

Limited support for multiple indicesedit

Currently the Graph API can explore multiple indices, types or aliases in a single API request but the assumption is that each "hop" it performs will be querying the same set of indices. It is currently not possible to take a term found in a field from one index and use that value to explore connections in a different field held in another type or index. A good example of where that might be useful is if an ip address found in the remote_host field of an index called "weblogs20160101" might want to be followed up by looking for this value in the ip_address field of an index called "knownthreats". For the Graph API to support this, extra mapping would be required to understand that the weblogs' remote_host field contained values that had currency and meaning in the ip_address field of the threats index. Currently we do not support this translation and client code would need to perform multiple calls to take the values from a weblogs index response and build them into a separate request to the threats index.