- X-Pack Reference for 6.0-6.2 and 5.x:
- Introduction
- Installing X-Pack
- Migrating to X-Pack
- Breaking Changes
- Securing Elasticsearch and Kibana
- Monitoring the Elastic Stack
- Alerting on Cluster and Index Events
- Reporting from Kibana
- Graphing Connections in Your Data
- Profiling your Queries and Aggregations
- Machine Learning in the Elastic Stack
- X-Pack Settings
- X-Pack APIs
- Info API
- Security APIs
- Watcher APIs
- Graph APIs
- Machine Learning APIs
- Close Jobs
- Create Datafeeds
- Create Jobs
- Delete Datafeeds
- Delete Jobs
- Delete Model Snapshots
- Flush Jobs
- Get Buckets
- Get Categories
- Get Datafeeds
- Get Datafeed Statistics
- Get Influencers
- Get Jobs
- Get Job Statistics
- Get Model Snapshots
- Get Records
- Open Jobs
- Post Data to Jobs
- Preview Datafeeds
- Revert Model Snapshots
- Start Datafeeds
- Stop Datafeeds
- Update Datafeeds
- Update Jobs
- Update Model Snapshots
- Validate Detectors
- Validate Jobs
- Definitions
- Troubleshooting
- Limitations
- License Management
- Release Notes
WARNING: Version 5.4 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Graph Limitations
editGraph Limitations
editLimited Support for Multiple Indices
editThe Graph API can explore multiple indices, types, or aliases in a single API request, but the assumption is that each "hop" it performs is querying the same set of indices. Currently, it is not possible to take a term found in a field from one index and use that value to explore connections in a different field held in another type or index.
A good example of where this might be useful is if an IP address is
found in the remote_host field of an index called "weblogs20160101",
you might want to follow that up by looking for the same address in
the ip_address field of an index called "knownthreats".
Supporting this behaviour would require extra mappings to indicate that
the weblogs' remote_host field contained values that had currency and
meaning in the ip_address field of the threats index.
Since we do not currently support this translation, you would have to perform multiple calls to take the values from the weblogs index response and build them into a separate request to the threats index.
On this page