Hello,
In my application, each action generates a series of logs. For example:
First suite of logs for the same value of data1/data2/data3:
{data1: "val1", data2: "val2", data3: "val3", level: "INFO", level_value: 2000, message: "init ....", ....}
{data1: "val1", data2: "val2", data3: "val3", level: "INFO", level_value: 2000, message: "check....", ....}
{data1: "val1", data2: "val2", data3: "val3", level: "ERROR", level_value: 4000, message: "save....", ....}
Second suite of logs for the same value of data1/data2/data3:
{data1: "val1", data2: "val22", data3: "val3", level: "WARN", level_value: 3000, message: "init ....", ....}
{data1: "val1", data2: "val22", data3: "val3", level: "INFO", level_value: 2000, message: "save....", ....}
In order to present in Kibana the number of logs generated for the triplet data1/data2/data3, I created a data aggregation table (Aggregation based):
- 3 Bucket Rows: data1, data2, data3
- 1 Metric: count, which calculates the number of logs for this data triplet.
For example:
- First suite of logs: I have a line with 3 columns val1/val2/val3 and the metric, which is 3
- Second suite of logs: I have a line with 3 columns val1/val22/val3 and the metric, which is 2
My objective:
I want to display in this aggregation table a new piece of information, "Status Log", which indicates whether a series of logs contains an error or not, based on the "level" and "level_value" data.
Example of expected result:
- First suite of logs: the new column will display the text ERROR (because max(level_value) equals 4000)
- Second suite of logs: the new column will show the text SUCCESS (because max(level_value) is different from 4000)
If I use this new column as a metric, the only function I can apply is MAX on the "level_value" field, but I can't introduce logic into the MAX metric like:
- If max(level.value) calculated is equal to 4000, then the metric displays "ERROR"
- Else, it displays "SUCCESS"
Is there a way to do what I need?
Thank you very much in advance.
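
The result the post asks for, computed outside Kibana, as an added example that is not part of the original post: it builds the nested terms/max aggregation request matching the table's bucket rows and derives the "Status Log" text per triplet from the sample logs. The function names, the aggregation names (`by_data1`, `max_level`) and the assumption that data1/data2/data3 are keyword-mapped fields are hypothetical.

```python
from collections import defaultdict

ERROR_LEVEL_VALUE = 4000  # level_value the post associates with level "ERROR"
FIELDS = ("data1", "data2", "data3")

# Constructed sample: the five log lines from the post, reduced to the fields used.
SAMPLE_LOGS = [
    {"data1": "val1", "data2": "val2", "data3": "val3", "level": "INFO", "level_value": 2000},
    {"data1": "val1", "data2": "val2", "data3": "val3", "level": "INFO", "level_value": 2000},
    {"data1": "val1", "data2": "val2", "data3": "val3", "level": "ERROR", "level_value": 4000},
    {"data1": "val1", "data2": "val22", "data3": "val3", "level": "WARN", "level_value": 3000},
    {"data1": "val1", "data2": "val22", "data3": "val3", "level": "INFO", "level_value": 2000},
]


def es_request_body(fields=FIELDS):
    """Elasticsearch search body: one nested terms aggregation per bucket row,
    with max(level_value) computed inside the innermost bucket.
    Assumes the fields are keyword-mapped (otherwise use e.g. "data1.keyword")."""
    aggs = {"max_level": {"max": {"field": "level_value"}}}
    for field in reversed(fields):
        aggs = {f"by_{field}": {"terms": {"field": field}, "aggs": aggs}}
    return {"size": 0, "aggs": aggs}


def status_rows(logs, fields=FIELDS):
    """Local equivalent of the table: (data1, data2, data3, count, status).
    Status follows the rule in the post: ERROR when max(level_value) equals
    4000, SUCCESS otherwise."""
    count = defaultdict(int)
    peak = defaultdict(int)
    for doc in logs:
        key = tuple(doc[f] for f in fields)
        count[key] += 1
        peak[key] = max(peak[key], doc["level_value"])
    return [
        key + (count[key], "ERROR" if peak[key] == ERROR_LEVEL_VALUE else "SUCCESS")
        for key in sorted(count)
    ]


if __name__ == "__main__":
    for row in status_rows(SAMPLE_LOGS):
        print(row)
```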