Analyzing for missing count

Hi there,

Let me ask one thing.

My scenario is this:

Let's say I have 3 requests to A system and I expected 3 responses from A system.
But in reality I got 2 responses from A system.
One response was a dropout.
Probably, the user closed the browser while A system was progressing...

E.g. raw msg:

2017-12-19 09:25:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Request : <UserRequest><version>9.0</version><RefID>764764000000881</RefID></UserRequest>
2017-12-19 09:25:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Response: <UserResponse><version>9.0</version><RefID>764764000000881</RefID></UserResponse>

2017-12-19 09:26:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Request : <UserRequest><version>9.0</version><RefID>764764000000882</RefID></UserRequest>

2017-12-19 09:27:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Request : <UserRequest><version>9.0</version><RefID>764764000000883</RefID></UserRequest>
2017-12-19 09:27:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Response: <UserResponse><version>9.0</version><RefID>764764000000883</RefID></UserResponse>

The above A system logs stream to Logstash.
Then Logstash makes some fields using grok patterns.

E.g. fields:

log_timestamp: 2017-12-19 09:27:50,207
log_level: Info
log_type: REQUEST *if the log msg has Request then log_type: REQUEST
log_type: RESPONSE *if the log msg has Response then log_type: RESPONSE
ref_id: 764764000000883
version: 9.0

In the Request and Response logs, there is no response log found for the second request.
My question is: how do I query for the missing response log count (dropouts) in Elasticsearch?

Any advice would be appreciated.
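
The request/response pairing described in the post above, as an added example that is not part of the original post: it parses the raw lines into the same field names (log_timestamp, log_level, log_type, ref_id, version) and counts the ref_id values that have a Request but no matching Response. It runs offline in Python rather than as an Elasticsearch query; the regex and function names are assumptions, and it goes slightly beyond the question by also reporting responses that have no request.

```python
import re
from collections import defaultdict

# Sample input: the five raw log lines copied from the post.
SAMPLE_LOG = """\
2017-12-19 09:25:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Request : <UserRequest><version>9.0</version><RefID>764764000000881</RefID></UserRequest>
2017-12-19 09:25:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Response: <UserResponse><version>9.0</version><RefID>764764000000881</RefID></UserResponse>
2017-12-19 09:26:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Request : <UserRequest><version>9.0</version><RefID>764764000000882</RefID></UserRequest>
2017-12-19 09:27:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Request : <UserRequest><version>9.0</version><RefID>764764000000883</RefID></UserRequest>
2017-12-19 09:27:50,207 (null) 27 Info : ASystem : TESTPAGE :: elkko5zhjzyigt4it1wjmxpw :: Response: <UserResponse><version>9.0</version><RefID>764764000000883</RefID></UserResponse>
"""

# Hypothetical stand-in for the grok pattern; tolerates "Request :" and "Response:".
LINE_RE = re.compile(
    r"^(?P<log_timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \S+ \d+ "
    r"(?P<log_level>\w+) : .*? :: (?P<log_type>Request|Response)\s*: "
    r".*?<version>(?P<version>[^<]+)</version>.*?<RefID>(?P<ref_id>\d+)</RefID>"
)

def parse(lines):
    """Yield one dict per matching line, using the field names from the post."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["log_type"] = rec["log_type"].upper()  # REQUEST / RESPONSE
            yield rec

def find_dropouts(records):
    """Return (missing_responses, orphan_responses) as sorted ref_id lists."""
    counts = defaultdict(lambda: {"REQUEST": 0, "RESPONSE": 0})
    for rec in records:
        counts[rec["ref_id"]][rec["log_type"]] += 1
    # Comparing counts (not just presence) also catches a retried request
    # where only one of the attempts was answered.
    missing = sorted(r for r, c in counts.items() if c["REQUEST"] > c["RESPONSE"])
    orphans = sorted(r for r, c in counts.items() if c["RESPONSE"] > c["REQUEST"])
    return missing, orphans

if __name__ == "__main__":
    missing, orphans = find_dropouts(parse(SAMPLE_LOG.splitlines()))
    print(f"dropout count: {len(missing)} ref_ids: {missing}")
```

On a live stream, requests logged within the last few seconds should be excluded from the count, since their responses may simply not have arrived yet.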
