Find out if a started transaction ended successfully with a Painless script in Elasticsearch

I have the requirement below and am not sure if it's possible with Painless. Please help me, it's very urgent.

Requirement:
Please find the log response below.
In the response JSON, if we have txnname (published), txnNum and txnstatus, how do I identify the count of completed and incomplete?
Completed: for the same txnNum, I found the statuses received and processed.
Incomplete: the txn started with status received, but no match was found for the same txn with status processed.

{
"took": 40,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 77733,
"max_score": 1,
"hits": [
{
"_index": "testnew-ind-2018.12.18",
"_type": "doc",
"_id": "j75NwmcBZgQl9kZ2HhXY",
"_score": 1,
"_source": {
"classname": "testclass",
"Filter1": "108493602",
"txnname": "published()",
"beat": {
"name": "test",
"hostname": "testsysname",
"version": "6.4.2"
},
"prospector": {
"type": "log"
},
"input": {
"type": "log"
},
"Timestamp": "2018-11-29 21:04:09",
"txnNum": "13851513416",
"@timestamp": "2018-12-18T17:11:27.364Z",
"possiblestatus": "possibleDuplicate = false",
"@version": "1",
"txnstatus": "received",
"interfacenumber": "8",
"fields": {
"log_type": "test-log-type"
},
"filter2": "txnInfo",
"host": {
"name": "testsysname"
}
}
},
{
"_index": "testnew-ind-2018.12.18",
"_type": "doc",
"_id": "mL5NwmcBZgQl9kZ2HhXY",
"_score": 1,
"_source": {
"classname": "classname",
"Filter1": "308745124",
"txnname": "published()",
"beat": {
"name": "testsysname",
"hostname": "testsysname",
"version": "6.4.2"
},
"prospector": {
"type": "log"
},
"input": {
"type": "log"
},
"Timestamp": "2018-11-29 21:04:11",
"txnNum": "05830212552",
"@timestamp": "2018-12-18T17:11:27.365Z",
"LogLevel": "INFO ",
"possiblestatus": "possibleDuplicate = false",
"tags": [
"beats_input_codec_plain_applied"
],
"@version": "1",
"txnstatus": "processed",
"interfacenumber": "6",
"fields": {
"log_type": "test-log-type"
},
"filter2": "txnInfo",
"host": {
"name": "testsysname"
}
}
},
{
"_index": "testnew-ind-2018.12.18",
"_type": "doc",
"_id": "mL5NwmcBZgQl9kZ2HhXY",
"_score": 1,
"_source": {
"classname": "classname",
"Filter1": "308745124",
"txnname": "published()",
"beat": {
"name": "testsysname",
"hostname": "testsysname",
"version": "6.4.2"
},
"prospector": {
"type": "log"
},
"input": {
"type": "log"
},
"Timestamp": "2018-11-29 21:04:11",
"txnNum": "13851513416",
"@timestamp": "2018-12-18T17:11:27.365Z",
"LogLevel": "INFO ",
"possiblestatus": "possibleDuplicate = false",
"tags": [
"beats_input_codec_plain_applied"
],
"@version": "1",
"txnstatus": "processed",
"interfacenumber": "6",
"fields": {
"log_type": "test-log-type"
},
"filter2": "txnInfo",
"host": {
"name": "testsysname"
}
}
}

See entity centric indexing
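
The entity-centric approach suggested in the reply, sketched as an added example that is not part of the original thread: each log event is folded into one document per txnNum, and completed/incomplete are counted from that per-transaction view. The entity index name `txn-entities`, the fields `statuses` and `completed`, the "other" bucket and the fourth sample event are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Painless for a scripted upsert into an entity index keyed by txnNum.
# Index and field names (txn-entities, statuses, completed) are assumptions.
PAINLESS = (
    "if (ctx._source.statuses == null) { ctx._source.statuses = []; } "
    "if (!ctx._source.statuses.contains(params.status)) "
    "{ ctx._source.statuses.add(params.status); } "
    "ctx._source.completed = ctx._source.statuses.contains('received') "
    "&& ctx._source.statuses.contains('processed');"
)

# Constructed events: the three hits from the question (fields trimmed)
# plus one made-up transaction that was received and never processed.
EVENTS = [
    {"txnNum": "13851513416", "txnstatus": "received"},
    {"txnNum": "05830212552", "txnstatus": "processed"},
    {"txnNum": "13851513416", "txnstatus": "processed"},
    {"txnNum": "99999999999", "txnstatus": "received"},  # constructed
]

def fold(events):
    """Collapse event documents into one status set per txnNum."""
    entities = defaultdict(set)
    for ev in events:
        entities[ev["txnNum"]].add(ev["txnstatus"])
    return dict(entities)

def summarize(entities):
    """Count transactions using the definitions from the question."""
    counts = {"completed": 0, "incomplete": 0, "other": 0}
    for statuses in entities.values():
        if {"received", "processed"} <= statuses:
            counts["completed"] += 1
        elif "received" in statuses:
            counts["incomplete"] += 1
        else:  # e.g. processed seen without a received event
            counts["other"] += 1
    return counts

def bulk_upserts(events, index="txn-entities"):
    """Build _bulk lines that apply the same fold inside Elasticsearch."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"update": {"_index": index, "_type": "doc", "_id": ev["txnNum"]}}))
        lines.append(json.dumps({"scripted_upsert": True, "upsert": {},
            "script": {"lang": "painless", "source": PAINLESS,
                       "params": {"status": ev["txnstatus"]}}}))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(summarize(fold(EVENTS)))
```

Once the entity index is populated, counting completed versus incomplete transactions becomes a plain filter on the `completed` field instead of a cross-document join at query time.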
