I have a week of log data collected across multiple systems. I have stored them in Elasticsearch. I need to find a way to get correlation of log events across different systems. For example, an error in the app server captured in the syslog caused a 404 error for a user captured in the Apache HTTP log.
The major fields available in all the logs are:
- Timestamp
- Log type
- Server IP address where the event was logged
- Error message
Is there any method (using ELK or otherwise) where I can get event correlation across the different log types?
Thanks
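The correlation the question describes, done outside Elasticsearch, as an added example that is not part of the original post: each ERROR-level syslog line is treated as a candidate cause, and every Apache request with a 404 status logged on the same server IP within a fixed window after it is attached to it as a candidate effect. The sample documents, the field names (`timestamp`, `log_type`, `host`, `message`), the rule that the status code is parsed out of the Apache message, and the 60-second window are all assumptions made for the example. The same pairing can be expressed against the index as, per error hit, a `bool` query with `term` filters on the host and status plus a `range` filter on the timestamp.

```python
import re
from bisect import bisect_left, bisect_right
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample documents in the question's common schema (timestamp,
# log type, server IP, message). Invented for this example, not real data.
SAMPLE_EVENTS = [
    {"timestamp": "2024-03-12T10:15:30Z", "log_type": "syslog", "host": "10.0.0.5",
     "message": "appserver[2231]: ERROR database connection pool exhausted"},
    {"timestamp": "2024-03-12T10:15:32Z", "log_type": "apache", "host": "10.0.0.5",
     "message": '192.0.2.10 - - "GET /app/report HTTP/1.1" 404 512'},
    {"timestamp": "2024-03-12T10:15:35Z", "log_type": "apache", "host": "10.0.0.5",
     "message": '192.0.2.11 - - "GET /app/login HTTP/1.1" 404 498'},
    {"timestamp": "2024-03-12T10:15:40Z", "log_type": "apache", "host": "10.0.0.5",
     "message": '192.0.2.12 - - "GET /static/logo.png HTTP/1.1" 200 8120'},
    # 404 on the same host but 270 s after the error: outside a 60 s window
    {"timestamp": "2024-03-12T10:20:00Z", "log_type": "apache", "host": "10.0.0.5",
     "message": '192.0.2.13 - - "GET /missing HTTP/1.1" 404 300'},
    # 404 inside the window but on a different server: must not be paired
    {"timestamp": "2024-03-12T10:15:33Z", "log_type": "apache", "host": "10.0.0.6",
     "message": '192.0.2.14 - - "GET /app/report HTTP/1.1" 404 512'},
    {"timestamp": "2024-03-12T11:00:00Z", "log_type": "syslog", "host": "10.0.0.6",
     "message": "sshd[410]: INFO Accepted publickey for deploy"},
]

# HTTP status code at the end of an Apache access-log style message (assumed format)
STATUS_RE = re.compile(r'" (\d{3}) (?:\d+|-)\s*$')


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sample documents."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def http_status(event):
    """Return the HTTP status of an Apache event, or None if the message has none."""
    m = STATUS_RE.search(event["message"])
    return int(m.group(1)) if m else None


def is_cause(event):
    """Candidate cause: an ERROR-level syslog line from the app server."""
    return event["log_type"] == "syslog" and "ERROR" in event["message"]


def is_effect(event):
    """Candidate effect: an Apache request that failed with a 404."""
    return event["log_type"] == "apache" and http_status(event) == 404


def correlate(events, window_seconds=60, key="host"):
    """Pair each cause with the effects logged under the same `key` value within
    `window_seconds` after it. Only causes with at least one effect are returned."""
    # Index effects per host as a sorted timestamp list plus a parallel event
    # list, so each cause costs two bisections rather than a scan of all events.
    by_host = defaultdict(list)
    for ev in events:
        if is_effect(ev):
            by_host[ev[key]].append((parse_ts(ev["timestamp"]), ev))
    index = {}
    for host, items in by_host.items():
        items.sort(key=lambda pair: pair[0])
        index[host] = ([ts for ts, _ in items], [ev for _, ev in items])

    window = timedelta(seconds=window_seconds)
    results = []
    for ev in events:
        if not is_cause(ev) or ev[key] not in index:
            continue
        start = parse_ts(ev["timestamp"])
        times, effects = index[ev[key]]
        lo = bisect_left(times, start)            # first effect at or after the cause
        hi = bisect_right(times, start + window)  # one past the last effect in the window
        if hi > lo:
            results.append({"cause": ev, "effects": effects[lo:hi]})
    return results


if __name__ == "__main__":
    for hit in correlate(SAMPLE_EVENTS, window_seconds=60):
        print(hit["cause"]["host"], hit["cause"]["timestamp"], "->",
              [e["timestamp"] for e in hit["effects"]])
```

The window length is the knob that decides how much noise gets paired with each error; a practitioner would tune it from the measured delay between the app-server error and the first failed request, and would widen the cause and effect predicates (other severities, other status classes) only after checking what they add.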