Finding a field's value using another field's value

I'm a complete beginner with Kibana and Elasticsearch and I was wondering if I could use a field's value to find the value of another field.

Example:
I have 10 logs in one index, and they all have a 'txn_id' field and a 'log_type' field.
I want to find the 'txn_id' of the logs with 'log_type: "response"'.

Sure, just add a filter where log_type is "response" and then you can look through the records to see what the txn_id is. Or, you could create something like a tag cloud visualization, add the filter, and then do a terms aggregation on txn_id to see the top values for it.

Hi Lukas, I appreciate the help above, but I don't think I typed out my question correctly. What I'd like to find out is how to find the txn_id of the logs which have the log_type "MER_REQUEST", but do not have the log_type "MER_RESPONSE".

For example:
A log with txn_id "ABC123" has 4 logs, with one being "MER_REQUEST", another being "MER_RESPONSE" and the remaining being other random log types.

Another log with txn_id "DEF456" has 6 logs, with one being "MER_REQUEST" and the remaining being other random log types.

I'd like to find the logs like "DEF456" and have them displayed in a data table visualization, but I can't seem to find a method to do so.

How do you link the different events? It might be easier for us to understand if you can show what the events actually look like rather than try to describe it.
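One way to express the selection asked about above (a txn_id that has a "MER_REQUEST" log but no "MER_RESPONSE" log), as an added example that is not part of the thread. It assumes the events are linked only by txn_id and that txn_id and log_type are mapped as keyword fields; the function names and sample documents are constructed for illustration.

```python
import json
from collections import defaultdict

REQUEST, RESPONSE = "MER_REQUEST", "MER_RESPONSE"

def build_search_body(max_txn_ids=1000):
    """Request body for a _search call on the log index (index name not given in the thread)."""
    return {
        "size": 0,  # only the aggregation buckets are needed, not the hits
        "query": {"terms": {"log_type": [REQUEST, RESPONSE]}},
        "aggs": {
            "by_txn": {
                # Only the top max_txn_ids buckets are evaluated; raise the size
                # or narrow the time range if there are more transactions.
                "terms": {"field": "txn_id", "size": max_txn_ids},
                "aggs": {
                    "req": {"filter": {"term": {"log_type": REQUEST}}},
                    "resp": {"filter": {"term": {"log_type": RESPONSE}}},
                    # Keep a txn_id bucket only if it has a request and no response.
                    "unanswered": {
                        "bucket_selector": {
                            "buckets_path": {"req": "req>_count", "resp": "resp>_count"},
                            "script": "params.req > 0 && params.resp == 0",
                        }
                    },
                },
            }
        },
    }

def unanswered_txn_ids(docs):
    """Same selection applied locally, to check the logic without a cluster."""
    types_by_txn = defaultdict(set)
    for doc in docs:
        types_by_txn[doc["txn_id"]].add(doc["log_type"])
    return sorted(txn for txn, types in types_by_txn.items()
                  if REQUEST in types and RESPONSE not in types)

# Constructed sample mirroring the thread: ABC123 (4 logs) has a response,
# DEF456 (6 logs) does not.
SAMPLE_DOCS = (
    [{"txn_id": "ABC123", "log_type": t}
     for t in (REQUEST, RESPONSE, "OTHER_A", "OTHER_B")]
    + [{"txn_id": "DEF456", "log_type": t}
       for t in (REQUEST, "OTHER_A", "OTHER_B", "OTHER_C", "OTHER_D", "OTHER_E")]
)

if __name__ == "__main__":
    print(json.dumps(build_search_body(), indent=2))
    print(unanswered_txn_ids(SAMPLE_DOCS))
```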
