Correlation between indexes in OpenSearch Dashboards
As a security analyst,
I want to be able to search across more than one index within Discover (and Dashboards queries), so that I can enrich data between sources.
For example, Okta logs contain an organisation's user logins, along with their IP addresses. We may also have sshd logs, and between the two we could correlate IP address to provide user details into a search of SSH logs. Many examples could be found.
-
Thanks, have we considered some sort of multi-search mechanics in OpenSearch? https://opensearch.org/docs/latest/api-reference/multi-search/ Would something like this achieve your goal?
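To make concrete what the `_msearch` suggestion does and does not give you for the Okta/sshd case, here is an added example (not code from the issue author, the commenter or the OpenSearch project). It builds the NDJSON body that `POST /_msearch` expects (one header line naming the index, one body line carrying the query, per search, with a trailing newline), then performs the IP-based join client-side over a constructed response. Index names (`okta-logs`, `sshd-logs`), field names (`user`, `src_ip`, `outcome`, `message`, `@timestamp`) and the sample hits are assumptions for illustration, not Okta's or sshd's real schema.

```python
import json

# Constructed sample data in the shape of an _msearch response: one result set
# per search, in the same order as the request. Field names are assumed for
# this example and are not Okta's or sshd's actual schema.
SAMPLE_MSEARCH_RESPONSE = {
    "responses": [
        {"hits": {"hits": [
            {"_index": "okta-logs", "_source": {"user": "alice@example.com",
                                                 "src_ip": "203.0.113.10",
                                                 "outcome": "SUCCESS"}},
            {"_index": "okta-logs", "_source": {"user": "bob@example.com",
                                                 "src_ip": "198.51.100.7",
                                                 "outcome": "SUCCESS"}},
        ]}},
        {"hits": {"hits": [
            {"_index": "sshd-logs", "_source": {"src_ip": "203.0.113.10",
                                                 "message": "Accepted publickey for deploy"}},
            {"_index": "sshd-logs", "_source": {"src_ip": "192.0.2.55",
                                                 "message": "Failed password for root"}},
        ]}},
    ]
}


def build_msearch_body(okta_index, sshd_index, since="now-1h", size=1000):
    """Return the NDJSON request body for POST /_msearch.

    Each search is two lines: a header object naming the index, then the
    search body. The whole payload must end with a newline.
    """
    time_filter = {"range": {"@timestamp": {"gte": since}}}
    searches = [
        ({"index": okta_index}, {"size": size, "query": time_filter}),
        ({"index": sshd_index}, {"size": size, "query": time_filter}),
    ]
    lines = []
    for header, body in searches:
        lines.append(json.dumps(header))
        lines.append(json.dumps(body))
    return "\n".join(lines) + "\n"


def hits_from_response(resp):
    """Extract the _source documents of each result set, preserving request order."""
    return [[h["_source"] for h in r["hits"]["hits"]] for r in resp["responses"]]


def enrich_sshd_with_okta(okta_hits, sshd_hits):
    """Client-side join on source IP.

    _msearch returns independent result sets, so the correlation the issue
    asks for has to be done here: index Okta logins by src_ip, then attach
    the matching users (possibly several, possibly none) to each sshd event.
    """
    users_by_ip = {}
    for doc in okta_hits:
        users_by_ip.setdefault(doc["src_ip"], set()).add(doc["user"])
    enriched = []
    for doc in sshd_hits:
        users = sorted(users_by_ip.get(doc["src_ip"], ()))
        enriched.append({**doc, "okta_users": users})
    return enriched


if __name__ == "__main__":
    print(build_msearch_body("okta-logs", "sshd-logs"))
    okta, sshd = hits_from_response(SAMPLE_MSEARCH_RESPONSE)
    for row in enrich_sshd_with_okta(okta, sshd):
        print(row)
```

The point the example makes: `_msearch` batches several searches into one round trip, but each returns its own hit list, so the enrichment is still a join you perform outside the cluster (and therefore outside Discover). Practically, keep the two time windows aligned, expect an IP to map to several users or to none (shared NAT egress, VPN exits), and bound `size` so the client-side index does not grow without limit.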