How to aggregate heartbeat style log

Hi, I have some big files of log filled each 15 seconds with a heartbeat test result.
For example one of this file is like this :

2018-07-17 10:14:41.646166    TRACE    Service:Sales.API  Result:OK
2018-07-17 10:14:56.646166    TRACE    Service:Sales.API  Result:OK
2018-07-17 10:15:10.646166    TRACE    Service:Sales.API  Result:K0
2018-07-17 10:15:24.646166    TRACE    Service:Sales.API  Result:OK
2018-07-17 10:18:24.646166    TRACE    Service:Sales.API  Result:OK

For monitoring purpose I am only interested about KO result and detect if the heartbeat ping is not running :

  • I want to know if there is a known pattern to aggregate this input and produce at output a summary as follow :

    file1, purpose : "Detect KO result" :

      2018-07-17 10:15:10.646166    TRACE    Service:Sales.API  Result:K0

    file2, purpose : "Detect heartbeat system fail to run" :

    from                                               to                                                  level      service                   message
      2018-07-17 10:15:24.646166   2018-07-17 10:18:24.646166  TRACE    Service:Sales.API  HeartBeat missed

no one could help ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.