How to get every logs of a user before an error

pinguo · March 28, 2017, 11:44am

Hi,

I have a website and an api who send logs to Elasticsearch. When an error occur on the website or the api, i would like to see every logs (website and api) of my user before that error (with kibana) by putting the user id in the search bar.

I tried to use Data Table and scripts but i didn't manage to achieve what i want and i really want to avoid to write a plugin. In my logs, i have the group id, the user id and the session id. I used these in the scripts and Data table.

Can you guide me please ?

spalger · June 13, 2019, 8:53am

I would probably do something like this with a dashboard like below:

The dashboard is based on two saved searches, one for all logs and one for error specific logs. The second bar chart is errors, and the table shows the top ip addresses in those errors (I don't have user ids in my data). You could then click on an ip address in that table to filter the dashboard by that ip, and adjust the time frame by brushing/dragging a selection on the bar chart that focuses on the time surrounding the error:

pinguo · March 29, 2017, 11:33am

Thank you !

system · April 26, 2017, 11:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.