Getting event correlation of log data across different systems using Elasticsearch

I have a week of log data collected across multiple systems. I have stored them in Elasticsearch. I need to find a way to get correlation of log events across different systems. For example, an error in the app server captured in the syslog caused a 404 error for a user captured in the HTTP Apache log.
The major fields available in all the logs are:

  1. Timestamp
  2. Log type
  3. Server IP address where the event was logged
  4. Error message

Is there any method (using ELK or otherwise) where I can get event correlation across the different log types?

Thanks

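As an added illustration (not code from the post or from Elastic), the following Python script performs the kind of join the question describes, using the four fields listed: it treats each syslog error as a seed and pairs it with HTTP error responses from other log types that arrive within a short window after it. It runs offline over constructed sample documents, and `followup_query` builds the equivalent Elasticsearch query DSL so the same window search can be run against the index. The field names `@timestamp`, `log_type`, `server_ip` and `message` are assumptions about the index mapping.

```python
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample documents in the shape the post describes
# (timestamp, log type, server IP, message); field names are assumed.
SAMPLE_EVENTS = [
    {"@timestamp": "2024-03-01T10:00:00Z", "log_type": "syslog",
     "server_ip": "10.0.0.5", "message": "app: worker crashed: NullPointerException"},
    {"@timestamp": "2024-03-01T10:00:02Z", "log_type": "apache",
     "server_ip": "10.0.0.7", "message": "GET /checkout HTTP/1.1 404 -"},
    {"@timestamp": "2024-03-01T10:00:03Z", "log_type": "apache",
     "server_ip": "10.0.0.7", "message": "GET /static/logo.png HTTP/1.1 200 1234"},
    {"@timestamp": "2024-03-01T11:30:00Z", "log_type": "syslog",
     "server_ip": "10.0.0.5", "message": "app: config reload failed"},
]

def parse_ts(ts):
    return datetime.strptime(ts, TS_FMT)

def http_status(message):
    """Return the status code from an Apache access-log style message, else None."""
    parts = message.split()
    for i, p in enumerate(parts):
        if p.startswith("HTTP/") and i + 1 < len(parts) and parts[i + 1].isdigit():
            return int(parts[i + 1])
    return None

def correlate(events, window_seconds=5):
    """Pair each syslog event with HTTP errors (status >= 400) from other log
    types that occur within window_seconds after it. Returns (cause, effect) pairs."""
    ordered = sorted(events, key=lambda e: parse_ts(e["@timestamp"]))
    window = timedelta(seconds=window_seconds)
    pairs = []
    for seed in (e for e in ordered if e["log_type"] == "syslog"):
        t0 = parse_ts(seed["@timestamp"])
        for cand in (e for e in ordered if e["log_type"] != "syslog"):
            dt = parse_ts(cand["@timestamp"]) - t0
            status = http_status(cand["message"])
            if timedelta(0) <= dt <= window and status is not None and status >= 400:
                pairs.append((seed, cand))
    return pairs

def followup_query(seed, window_seconds=5, log_type="apache"):
    """Elasticsearch query DSL fetching candidate follow-up events for one seed,
    so the same time-window join can be run directly against the index."""
    t0 = parse_ts(seed["@timestamp"])
    t1 = t0 + timedelta(seconds=window_seconds)
    return {"query": {"bool": {"filter": [
        {"term": {"log_type": log_type}},
        {"range": {"@timestamp": {"gte": t0.strftime(TS_FMT), "lte": t1.strftime(TS_FMT)}}},
    ]}}}
```

The window size is the tuning knob: too wide and unrelated errors get paired, too narrow and clock skew between servers hides real links.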