I have logs in the above format.
The 'key1' "A" changes to "B" ('key2') and this change is documented in the log highlighted in green. After this step, "B" becomes the new value of "A" and the further logs have "B" in the 'key1' field.
I want to have a query where in I can find what value A has changed to("B" in this case) and filter for logs having "A" or "B" in the 'key1' field
The filtered logs should look like
How can this be achieved?
Thank you!
I'm not sure I fully understand your question, when you are using Discover you can simply enter this query in the search bar using KQL:
The question is, I need to be able to find what B is (this is not known beforehand).
A turns into a value called B , the value of B can be found using one log that highlighted in green.
So my query should be consists of :
I need help with the first point.
Once I get that information I can use B to make a query as you mentioned.
Kibana is currently not able to do dependent queries automatically which would be necessary for a feature like this (fetch data to get "B", then fetch the actual data).
It might be possible using Canvas, but I'm not sure whether this is a good approach to your problem. Can you elaborate why exactly you have to do this? Maybe there is a way to change how your data is stored in Elasticsearch that makes it easier to query your data.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
