Diff out all documents with the same hash key in 2 (or more) test runs

Hi Folks,

I am pretty new to Elasticsearch patterns and wonder if you can give me any hint whether what I want is possible.

  • I collect system logs over daily regression tests.

  • I generate a normalized hash key for every syslog payload which does not contain any dynamic number.

  • I tag all syslog traces with a "run" tag. Let's say "run1" and "run2".

Now I want to find the "difference" between the 2 runs and visualize it in Kibana.

My pseudo filter code looks like:

filter out all elements with:
( document.hash (document.version) == document.hash(document.versionB) )

Is this possible with a filter rule?

Any hint is appreciated.

Kind regards
Siggi
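
The workflow described in the post, as an added example that is not part of the original post: each payload is hashed after its dynamic values are masked, and the hashes seen in only one of the two runs are reported. The field names `message`, `hash` and `run`, the masking rules, the sample documents and the keyword mapping assumed by `diff_query` are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Assumed normalization: mask IPv4 addresses first, then any remaining digit run.
_MASKS = [(re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<ip>"),
          (re.compile(r"\d+"), "<n>")]

def normalized_hash(payload):
    """SHA-256 of the payload with dynamic values masked out."""
    text = payload.strip()
    for pattern, token in _MASKS:
        text = pattern.sub(token, text)
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def diff_runs(docs, run_a, run_b):
    """Return (only_a, only_b): {hash: sample payload} for hashes seen in one run only."""
    seen = defaultdict(dict)  # run tag -> {hash: first payload with that hash}
    for doc in docs:
        seen[doc["run"]].setdefault(normalized_hash(doc["message"]), doc["message"])
    a, b = seen[run_a], seen[run_b]
    return ({h: a[h] for h in a.keys() - b.keys()},
            {h: b[h] for h in b.keys() - a.keys()})

def diff_query(run_a, run_b, size=10000):
    """Server-side equivalent: keep hash buckets that occur in exactly one run.
    Assumes "hash" and "run" are indexed as keyword fields."""
    return {
        "size": 0,
        "query": {"terms": {"run": [run_a, run_b]}},
        "aggs": {"by_hash": {
            "terms": {"field": "hash", "size": size},
            "aggs": {
                "runs": {"cardinality": {"field": "run"}},
                "one_run_only": {"bucket_selector": {
                    "buckets_path": {"n": "runs"}, "script": "params.n == 1"}},
            },
        }},
    }

# Constructed sample documents (not from the original post).
SAMPLE = [
    {"run": "run1", "message": "sshd[1021]: Accepted publickey for root from 10.0.0.5 port 50122"},
    {"run": "run2", "message": "sshd[2244]: Accepted publickey for root from 10.0.0.9 port 41877"},
    {"run": "run1", "message": "kernel: eth0: link up, 1000 Mbps"},
    {"run": "run2", "message": "kernel: eth0: link up, 1000 Mbps"},
    {"run": "run2", "message": "kernel: Out of memory: Killed process 4312 (java)"},
    {"run": "run1", "message": "cron[88]: (root) CMD (run-parts /etc/cron.hourly)"},
]
```

`diff_runs(SAMPLE, "run1", "run2")` returns the cron line as unique to run1 and the out-of-memory line as unique to run2; the two sshd lines collapse to one hash because only their PID, address and port differ.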
