First occurrence of multiple same log messages

I want to note down the first occurrence of a particular log type and add a key event according to that. Also, after that, if the same type of log comes again, then don't do anything until the type of log changes.

How to achieve this purpose?

If I can use a variable (e.g. a flag variable) as a mark for log occurrence, is there any kind of memory associated with a variable in Logstash so that it isn't lost for further log messages until the file ends?

Let me take an example to make the question clear.

The log messages contain two types of logs, i.e. server up or server down.

If server up comes, no issue, a key event will be added,
but the first occurrence of a server down message should be noted down and further server down log messages should be ignored until a server up message comes.

How to do this?

Thanks
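
The behaviour asked for above is a state-change check: remember the last log type seen and mark an event only when the type differs. The following is an added example, not part of the original post and not Logstash's own code. The message texts, the `key_event` field name and the `FirstOccurrenceMarker` class are assumptions, and it generalizes the rule to mark the first line of every run of same-type messages.

```ruby
# Added example: mark only the first line of each run of same-type messages.
# Message texts and the "key_event" field name are assumptions.
class FirstOccurrenceMarker
  def initialize
    @last_type = nil # the "flag": survives from one event to the next
  end

  # Map a message to :up, :down, or nil for unrelated lines.
  def classify(message)
    case message
    when /server down/i then :down
    when /server up/i   then :up
    end
  end

  # Returns a copy of the event; "key_event" is set only on a type change.
  def process(event)
    out = event.dup
    type = classify(event["message"].to_s)
    return out if type.nil? # unrelated lines neither mark nor reset state
    if type != @last_type
      out["key_event"] = "first_#{type}"
      @last_type = type
    end
    out
  end
end

# Constructed sample input, in file order.
SAMPLE_LINES = [
  "10:00:01 server up",
  "10:05:12 server down",
  "10:05:42 server down",
  "10:05:50 disk check ok",
  "10:06:12 server down",
  "10:07:00 server up",
  "10:09:30 server down"
].freeze

# Run the sample through one marker and return [line, key_event] pairs.
def mark_sample(lines = SAMPLE_LINES)
  marker = FirstOccurrenceMarker.new
  lines.map do |line|
    processed = marker.process({ "message" => line })
    [line, processed["key_event"]]
  end
end

mark_sample.each { |line, key| puts "#{key ? key.ljust(12) : ' ' * 12} #{line}" }
```

In Logstash the same logic could live in a `ruby` filter with the state kept in an instance variable, assuming a single pipeline worker so that lines are processed in file order.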
