Filtering logs based on the content of other logs in Kibana

Ernesta_Duglas · October 21, 2019, 8:35am

Hi,

I will pose this question on rather high level, but if you feel like you need more info and code samples to answer, please let me know and I'll try to provide it.
So let's say I have the following logs in my Kibana:

{"infoMessage":"PENDING","orderNumber":"112233", "date":"2019-10-15"}
{"infoMessage":"PENDING","orderNumber":"12345", "date":"2019-10-15"}
{"infoMessage":"APPROVED","orderNumber":"12345", "date":"2019-10-16"}
{"infoMessage":"DECLINED","orderNumber":"54321", "date":"2019-10-16"}

I need to filter out only logs that have pending orders, meaning I should get only:
{ "infoMessage":"PENDING","orderNumber":"112233", "date":"2019-10-15"}

I should not get
{"infoMessage":"PENDING","orderNumber":"12345", "date":"2019-10-15"}
since order 12345 was approved on 2019-10-16.

Thus is there a way to filter out the logs based on the content of other logs? Or maybe you have any ideas how could I achieve the above mentioned result?

I'm using Kibana 7.3

Many thanks!

Marius_Dragomir · October 25, 2019, 1:35pm

First, just trying to frame the problem. If an order that was pending was declined, it still shouldn't be displayed in the results, right?

Ernesta_Duglas · October 25, 2019, 8:44pm

Yes, that's right.

system · November 22, 2019, 8:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.