For starters, I've never written a script on ElasticSearch, but I'm interested in knowing if I can write a script that, when run, will do a search on the ElasticSearch cluster. This search would be based on the fields of the doc on which the script would be running. I can imagine that it would have a TERRIBLE performance hit on the query since all the searches are taking place, but it might be worth it.
If this is possible it might be possible to cross reference different indexes/document types on the same search. Log monitoring is my field of interest, so, with this I could, for example: look for users that have failed login attempts with SSH (syslog log), and look if the machine that originated the attempts also tried connecting somewhere else (iptables logs). I could put the script on a sum aggregation, for example, so I'd have something like: machine A tried connecting to XXXX other machines, machine B tried connecting to YYYY other machines ...

Thanks

--
Posted to the Google Groups "elasticsearch" group. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/7fa38c48-f906-4d91-b9db-3f4f1764fc66%40googlegroups.com.
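The correlation the post describes (sources with failed SSH logins, then a count of the distinct hosts each of those sources tried to reach in the iptables logs), written as an added example that is not part of the original message. It performs the join client-side in two passes over constructed log lines rather than inside an ElasticSearch script; the log formats and addresses are assumptions made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines for the example (not real log data).
SYSLOG_LINES = [
    "Mar  3 10:01:12 bastion sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 50322 ssh2",
    "Mar  3 10:01:15 bastion sshd[2201]: Failed password for root from 10.0.0.5 port 50324 ssh2",
    "Mar  3 10:02:40 bastion sshd[2210]: Failed password for bob from 10.0.0.9 port 41000 ssh2",
    "Mar  3 10:03:01 bastion sshd[2215]: Accepted publickey for alice from 10.0.0.7 port 41100 ssh2",
]
IPTABLES_LINES = [
    "Mar  3 10:05:00 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=22",
    "Mar  3 10:05:02 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.21 PROTO=TCP DPT=22",
    "Mar  3 10:05:03 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT=445",
    "Mar  3 10:05:10 gw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.1.30 PROTO=TCP DPT=22",
    "Mar  3 10:05:11 gw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.1.31 PROTO=TCP DPT=443",
]

# sshd failure line: optional "invalid user" prefix, then user and source address.
FAILED_SSH = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
# iptables log line: source and destination address fields.
IPT_CONN = re.compile(r"SRC=(\d+\.\d+\.\d+\.\d+) DST=(\d+\.\d+\.\d+\.\d+)")


def failed_login_sources(syslog_lines):
    """First pass: every source address with at least one failed SSH login."""
    sources = set()
    for line in syslog_lines:
        m = FAILED_SSH.search(line)
        if m:
            sources.add(m.group(2))
    return sources


def distinct_destinations(iptables_lines, sources):
    """Second pass: for each flagged source, how many distinct hosts it tried to reach."""
    dests = defaultdict(set)
    for line in iptables_lines:
        m = IPT_CONN.search(line)
        if m and m.group(1) in sources:
            dests[m.group(1)].add(m.group(2))
    return {src: len(hosts) for src, hosts in dests.items()}


def correlate(syslog_lines, iptables_lines):
    """Join the two passes: {source: number of distinct destinations}."""
    return distinct_destinations(iptables_lines, failed_login_sources(syslog_lines))


if __name__ == "__main__":
    for src, n in sorted(correlate(SYSLOG_LINES, IPTABLES_LINES).items()):
        print(f"machine {src} tried connecting to {n} other machines")
```

Repeated connections to the same destination are counted once, and a source with only successful logins (10.0.0.7 here) never enters the second pass.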
