Here I want to get the 5 lines before and after, plus host.name, only when the message matches "error", sent by email using x-pack in elasticsearch in plain text format. Please, anyone, help me here.
You can put together something like this using the Search transform to query for logs within a time bound around the timestamp on the error message, say +/- 5 seconds using a range query. Getting exactly 5 lines before and after is a bit more difficult. You might be able to trim the results with a Script transform as part of a Chain transform, though, if it's critical.
@gbrown please give me the code for after matching the message. I want: once the pattern matches the message, display the +/-5 lines before and after the matching error lines to be printed, and let me know how to get the report to my mail. Please tell me, anyone.
I think the tough part here is to come up with a definition of what 5 lines above or below something means. This could mean you want the same five lines in the same log file, but if it is a syslog file, those messages might actually be from a completely different service. If it is from an apache log, those next lines might be from a completely different IP address. So you need to define first for yourself what exactly this means. Do you want to filter by IP, by host, by service, by log level? Only after doing this can one come up with a query.
This is also the reason why it is super hard for anyone external to your use case to come up with concrete queries.