Elastic Vs Splunk - Query Feature comparison - Join, Pipe(|), Table, dedup, eval, chart, rex

Mohit Garg
I have recently switched from Splunk to Elastic in pursuit of exploring an open source platform for performing descriptive analytics on my log data.

Until now, based on a few Elastic query tutorials, I found that the Elastic DSL is a bit less advanced in providing nicely packaged features that are there in Splunk. With Splunk, I can do a lot of things which are difficult or nearly impossible for me at the moment to replicate. I am using nearly 20+ features from Splunk which are not there in Elastic.

I am doing a feature-wise study to establish functional correspondence between Splunk and Elastic, but I would appreciate it if someone could help me out in replicating similar behavior. The features are:

1. Join - SQL like join
2. Pipe (|) - Feed subsearch output to next query
3. dedup - remove duplicate documents
4. eval - add new field in document in search-time
5. chart - a feature similar to stats
6. rex - a search-time field extractor.


--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ecf14f29-15b4-4c46-93d0-f97125e00c9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Elastic Vs Splunk - Query Feature comparison - Join, Pipe(|), Table, dedup, eval, chart, rex

Mark Walkom-2
1. Cannot be done, as joins in NoSQL land are very difficult to impossible to do natively.
2. There's no functionality around that at the moment.
3. Should happen automatically; ES will not create a new document (event) if it exists, so there must be some difference there.
4. You can update existing documents and add fields if you want. Just not via Kibana.
5. There are lots of charts in Kibana; what do you mean exactly?
6. Logstash does this, but it's pre-search; there is nothing post-search at this time.

On 5 May 2015 at 18:53, Mohit Garg <[hidden email]> wrote:

--
Please update your bookmarks! We moved to https://discuss.elastic.co/
---
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X912%3DwvZp7VP1H%2BbURcf1KVkEgexaHc97DVS5k0o49%3DTQ%40mail.gmail.com.
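The reply above says that rex, eval, dedup and a stats-style chart have no post-search equivalent in Elasticsearch at the time of the thread, so the practical workaround is to run those stages client-side over the search hits. The following is an added example (not code from this thread, from Elastic or from Splunk) that emulates those four Splunk stages in Python over constructed hits shaped like Elasticsearch `_source` documents; the log line format, field names and the `pipeline` function are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample hits, shaped like the "_source" of Elasticsearch search results.
SAMPLE_HITS = [
    {"host": "web01", "message": "GET /login 200 user=alice bytes=512"},
    {"host": "web01", "message": "GET /login 401 user=bob bytes=128"},
    {"host": "web02", "message": "POST /admin 403 user=bob bytes=64"},
    {"host": "web02", "message": "GET /login 200 user=alice bytes=512"},  # same user/status as hit 1
]

# rex: Splunk-style search-time field extraction; named groups become new fields.
def rex(hits, field, pattern):
    regex = re.compile(pattern)
    out = []
    for hit in hits:
        new = dict(hit)
        m = regex.search(hit.get(field, ""))
        if m:
            new.update(m.groupdict())
        out.append(new)
    return out

# eval: derive a new field from existing ones (a Python callable stands in for Splunk's expression language).
def eval_field(hits, name, func):
    return [dict(hit, **{name: func(hit)}) for hit in hits]

# dedup: keep the first hit for each distinct combination of the given fields, preserving order.
def dedup(hits, *fields):
    seen = set()
    out = []
    for hit in hits:
        key = tuple(hit.get(f) for f in fields)
        if key not in seen:
            seen.add(key)
            out.append(hit)
    return out

# chart/stats count by <field>: how many hits share each value of the field.
def count_by(hits, field):
    return dict(Counter(hit.get(field) for hit in hits))

# Assumed pipeline: "rex ... | eval failed=... | dedup user status", run on the hits returned by a search.
def pipeline(hits):
    hits = rex(hits, "message",
               r"(?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) user=(?P<user>\S+) bytes=(?P<bytes>\d+)")
    hits = eval_field(hits, "failed", lambda h: h.get("status", "").startswith(("4", "5")))
    return dedup(hits, "user", "status")

if __name__ == "__main__":
    for hit in pipeline(SAMPLE_HITS):
        print(hit["user"], hit["status"], hit["failed"])
    print(count_by(pipeline(SAMPLE_HITS), "user"))
```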