I've noticed that the elapsed filter has not been detecting a large amount of my start/end tagged events. I tend to see the "elapsed_end_without_start" tag added to my end tagged events, as well as "elapsed_expired_error" events being generated.
I was wondering if this is a common problem when processing nearly 5,000 events every 30 minutes or if there's a possible workaround to it.
Update: Still haven't found any solutions to the problem. If anybody has any ideas, that'd be great.
I'm having the same problem. Haven't figured out any solutions yet.
A little bit of backstory.
My logs are all related to transactions (basically requests and responses). I'm trying to find the transactions which have a request, but don't have the corresponding response, a.k.a a dropped transaction.
Since all of them have a unique id (transaction_id), I figured I'd use the elapsed filter and set the start_tag to the request and the end_tag to the response. From there I'd be able to view the transaction id of the dropped transactions as elapsed would generate new events containing the transaction id and the tag, "elapsed_expired_error". However, I'm facing the problem above.
So, if anybody has a different method to solving this or even an idea to point me in the right direction, I'd love to hear it and it'd be greatly appreciated.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.