I have a huge amount of request and I would like to do a search in order to get documents with the same token but but with code 200,401, and then 200 again. I can get all 200, all 401 but I'm unable to get token with 200, then 401, then 200.
Hi @psramkumar,
Thanks for your interest. The context : we use a sso application using a token. When evetyhing's OK we only have 200, but sometimes we get 401 (unauthorized) and then 200 again and that's strange, so I want to get the token for which we have this behaviour.
So I would like a way to get token with 200, then 401, then 200 again
Problem is I only want token with this scenario, I have to many documents to use my eyes to check and I'm not able to do a relevant query, not an expert yet of elasticsearch.
I have ten of thousands different token, each with hundreds of query
As far as I know there is now way to accomplish that use case.. You can of course query for tokens that have 200 AND 401 responses. If all is sequential then is assumes that use case but assumptions are the mother of all F*** Up's so you need to come up with to verify that..
Looking for sequences of events typically requires a special entity-centric index in addition to the one you have got and can not be done by querying raw data.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.