Hi,
I am using ELK version 6.1.1 on Ubuntu 16.04 LTS.
Problem statement:
I have logs that are written every hour. First I want to find the max of a particular field in those log lines; then I want to get the log line whose value for that field is the max, extract the value of another field from that log line, and show it on a matrix visualization.
I am able to get the max of that field, but I don't know how to get that log line and extract another field from it.
It is just like a DB query: SELECT field2 FROM loggs WHERE duration = 'selected_duration' AND field1 = (SELECT MAX(field1) FROM loggs WHERE duration = 'selected_duration');
Can anyone help me out to get the solution?
Thanks
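Added example, not part of the original post: one way to express that SQL in the Elasticsearch 6.x query DSL is a `date_histogram` per hour with a `top_hits` sub-aggregation sorted by `field1` descending and `size: 1`, so the single hit in each bucket is the log line with the maximum `field1`, and `_source` filtering returns only `field2` from it. The index field names (`field1`, `field2`, `@timestamp`) and the sample response are assumptions and constructed data; the timestamp secondary sort is added so ties on `field1` resolve deterministically.

```python
# Added example (not from the original post). Builds an Elasticsearch 6.x
# aggregation query that is equivalent to:
#   SELECT field2 FROM logs WHERE field1 = max(field1) within each hour
# and parses the response shape Elasticsearch returns for it.
# Field and index names are assumptions; sample data below is constructed.


def build_query(start, end, field_max="field1", field_extract="field2",
                time_field="@timestamp", interval="1h"):
    """Restrict to the selected duration, bucket by hour, and in each bucket
    take the top hit sorted by field_max desc (ties broken by latest time)."""
    return {
        "size": 0,  # only aggregation results are wanted, not raw hits
        "query": {"range": {time_field: {"gte": start, "lt": end}}},
        "aggs": {
            "per_hour": {
                "date_histogram": {"field": time_field, "interval": interval},
                "aggs": {
                    "max_line": {
                        "top_hits": {
                            "size": 1,
                            "sort": [
                                {field_max: {"order": "desc"}},
                                {time_field: {"order": "desc"}},
                            ],
                            "_source": {"includes": [field_max, field_extract]},
                        }
                    }
                },
            }
        },
    }


def extract(response, field_extract="field2"):
    """Walk the aggregation response and return {hour_key: field2 of max line}."""
    out = {}
    for bucket in response["aggregations"]["per_hour"]["buckets"]:
        hits = bucket["max_line"]["hits"]["hits"]
        if not hits:
            continue  # empty hour bucket: nothing was logged, skip it
        out[bucket["key_as_string"]] = hits[0]["_source"][field_extract]
    return out


def pick_max_line(docs, field_max="field1", time_field="@timestamp"):
    """In-process equivalent of the top_hits sort above, for checking the
    semantics on a handful of documents: highest field_max wins, ties go
    to the latest time_field, matching the two-key desc sort in build_query."""
    if not docs:
        return None
    return max(docs, key=lambda d: (d[field_max], d[time_field]))


# Constructed sample log lines for one hour (not from a real system).
SAMPLE_DOCS = [
    {"@timestamp": "2018-01-01T00:05:00Z", "field1": 310, "field2": "GET /api/health"},
    {"@timestamp": "2018-01-01T00:20:00Z", "field1": 980, "field2": "GET /api/users"},
    {"@timestamp": "2018-01-01T00:40:00Z", "field1": 980, "field2": "GET /api/users?page=2"},
]

# Constructed response in the shape Elasticsearch returns for build_query
# (not captured from a real cluster). The 01:00 bucket is empty on purpose.
SAMPLE_RESPONSE = {
    "aggregations": {
        "per_hour": {
            "buckets": [
                {"key_as_string": "2018-01-01T00:00:00.000Z", "doc_count": 3,
                 "max_line": {"hits": {"total": 3, "hits": [
                     {"_source": {"field1": 980, "field2": "GET /api/users?page=2"}}]}}},
                {"key_as_string": "2018-01-01T01:00:00.000Z", "doc_count": 0,
                 "max_line": {"hits": {"total": 0, "hits": []}}},
                {"key_as_string": "2018-01-01T02:00:00.000Z", "doc_count": 5,
                 "max_line": {"hits": {"total": 5, "hits": [
                     {"_source": {"field1": 1210, "field2": "POST /api/login"}}]}}},
            ]
        }
    }
}


if __name__ == "__main__":
    import json
    print(json.dumps(build_query("2018-01-01T00:00:00Z", "2018-01-01T03:00:00Z"), indent=2))
    print(pick_max_line(SAMPLE_DOCS)["field2"])
    print(extract(SAMPLE_RESPONSE))
```

The query body from `build_query` is what you would send to `GET <index>/_search`; Kibana's visualization editor can also be configured the same way by adding a Top Hit metric sorted by `field1` descending under a date histogram, but the DSL above is the unambiguous form. Note the empty-bucket case in `extract`: an hour with no log lines produces a bucket with zero hits, so the parser must not index `hits[0]` unconditionally.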