Hi, I have received a request to search logs like the way grep does with A & B options, i.e. display n lines before or after matching the search string.
Is there any option/plugin that allows me to do that or do I need to write my own?
I am familiar with "view surrounding documents" option which is not what I am looking for.
-Thanks
Nikhil
@Nikhil_Utane would you mind elaborating why "view surrounding documents" isn't what you're looking for and what its deficiencies are? This sounds like the most obvious candidate.
Sure.
Message 1: Exit code : XYZ
Message 2: Session Close
Giving an hypothetical example.
Suppose I want to search for all occurrences of Message 2, which could be 100s, 1000s. From there I want to look for another message that arrives before this. May not be the immediate preceding one. So if I am using grep, I can output a set of these few lines, for all the occurrences, in one shot. And if I want I can filter further to the relevant exit code.
If I am using 'view surrounding documents option', then I'd have to open every single message and look for documents before or after manually. Now imagine doing this for 100s and 1000s of hits.
I do not want to use multi-line filters since the messages I want to search could be too many and I don't want to modify my ingest pipeline every time user wants to search a log message.
In general, I think we need a command-line grep like tool to search for logs inside elasticsearch.
So that I could do something like this with ease.
grep -B 5 "Session Close"|grep "Exit Code: XYZ"
Hope that clarifies.
Thanks for the additional explanation @Nikhil_Utane. When you initially go to "View Surrounding Documents", it will unselect all filters which have been applied, so that you can see all of the surrounding messages. It's also possible at this point to add a new filters, so that you can filter the surrounding documents to find the message which you're looking for:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.