Filtering logs based on the content of other logs in Kibana

Ernesta_Duglas · October 21, 2019, 8:35am

Hi,

I will pose this question on rather high level, but if you feel like you need more info and code samples to answer, please let me know and I'll try to provide it.
So let's say I have the following logs in my Kibana:

{"infoMessage":"PENDING","orderNumber":"112233", "date":"2019-10-15"}
{"infoMessage":"PENDING","orderNumber":"12345", "date":"2019-10-15"}
{"infoMessage":"APPROVED","orderNumber":"12345", "date":"2019-10-16"}
{"infoMessage":"DECLINED","orderNumber":"54321", "date":"2019-10-16"}

I need to filter out only logs that have pending orders, meaning I should get only:
{ "infoMessage":"PENDING","orderNumber":"112233", "date":"2019-10-15"}

I should not get
{"infoMessage":"PENDING","orderNumber":"12345", "date":"2019-10-15"}
since order 12345 was approved on 2019-10-16.

Thus is there a way to filter out the logs based on the content of other logs? Or maybe you have any ideas how could I achieve the above mentioned result?

I'm using Kibana 7.3

Many thanks!

Marius_Dragomir · October 25, 2019, 1:35pm

First, just trying to frame the problem. If an order that was pending was declined, it still shouldn't be displayed in the results, right?

Ernesta_Duglas · October 25, 2019, 8:44pm

Yes, that's right.

system · November 22, 2019, 8:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I filter certain information from the logs? Kibana	8	452	December 6, 2023
Filter messages that contains some specific text Kibana	5	32258	December 12, 2021
Logstash - filter message Logstash	3	232	April 23, 2020
Filtering question Logstash	11	377	February 5, 2019
Unexpected Behavior of Kibana Query for Filtering Logs with Specific Keywords Kibana	2	182	December 28, 2023

Filtering logs based on the content of other logs in Kibana

Related topics