Hi, I have some big files of log filled each 15 seconds with a heartbeat test result.
For example one of this file is like this :
2018-07-17 10:14:41.646166 TRACE Service:Sales.API Result:OK
2018-07-17 10:14:56.646166 TRACE Service:Sales.API Result:OK
2018-07-17 10:15:10.646166 TRACE Service:Sales.API Result:K0
2018-07-17 10:15:24.646166 TRACE Service:Sales.API Result:OK
2018-07-17 10:18:24.646166 TRACE Service:Sales.API Result:OK
For monitoring purpose I am only interested about KO result and detect if the heartbeat ping is not running :
-
I want to know if there is a known pattern to aggregate this input and produce at output a summary as follow :
file1, purpose : "Detect KO result" :
2018-07-17 10:15:10.646166 TRACE Service:Sales.API Result:K0
file2, purpose : "Detect heartbeat system fail to run" :
from to level service message 2018-07-17 10:15:24.646166 2018-07-17 10:18:24.646166 TRACE Service:Sales.API HeartBeat missed