I shipped Tomcat logs via Logstash => ES and am now visualizing them in Kibana. Here I need some tips.
Each row of my logs becomes field=message (index), and if I query for user=xyz and filter on 400, I can find a graph saying user xyz got 20 400 errors.
But I am trying to generalize it as "how many users got 400 errors or how many POST/GET requests etc."
How can I build a generalized logic here?
This is how field=message looks:
IP "GROUP Name" ID [Timestamp] "REST Call" return-code bit "URL" "Browser Details" userid count
Thanks & Regards...
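Counting per user, per return code or per HTTP method requires the single message string to be split into separate fields first. The following is an added example, not part of the original post: a Python sketch that parses the layout quoted above and computes both counts. The sample lines are constructed, the field names are hypothetical, and it assumes the "REST Call" value starts with the HTTP method.

```python
import re
from collections import Counter, defaultdict

# Layout from the post:
# IP "GROUP Name" ID [Timestamp] "REST Call" return-code bit "URL" "Browser Details" userid count
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<group>[^"]*)" (?P<id>\S+) \[(?P<timestamp>[^\]]*)\] '
    r'"(?P<rest_call>[^"]*)" (?P<status>\d{3}) (?P<bit>\S+) '
    r'"(?P<url>[^"]*)" "(?P<browser>[^"]*)" (?P<userid>\S+) (?P<count>\S+)$'
)

# Constructed sample lines (not real log data); the last one is deliberately malformed.
SAMPLE = [
    '192.0.2.10 "Group A" 101 [12/Mar/2015:10:01:02 +0000] "POST /api/orders HTTP/1.1" 400 0 "http://app.example/orders" "Mozilla/5.0" xyz 1',
    '192.0.2.10 "Group A" 102 [12/Mar/2015:10:01:09 +0000] "POST /api/orders HTTP/1.1" 400 0 "http://app.example/orders" "Mozilla/5.0" xyz 2',
    '192.0.2.11 "Group B" 103 [12/Mar/2015:10:02:30 +0000] "GET /api/items HTTP/1.1" 400 0 "http://app.example/items" "curl/7.40" abc 1',
    '192.0.2.12 "Group B" 104 [12/Mar/2015:10:03:00 +0000] "GET /api/items HTTP/1.1" 200 1 "http://app.example/items" "Mozilla/5.0" def 1',
    'not a tomcat access line',
]

def parse(line):
    """Split one message string into named fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    doc = m.groupdict()
    doc["status"] = int(doc["status"])
    # Assumption: the REST call looks like 'POST /path HTTP/1.1'.
    doc["method"] = doc["rest_call"].split(" ", 1)[0].upper()
    return doc

def summarize(lines):
    """Distinct users per return code and request count per HTTP method."""
    users_by_status = defaultdict(set)
    by_method = Counter()
    unparsed = 0
    for line in lines:
        doc = parse(line)
        if doc is None:
            unparsed += 1  # track parse failures instead of dropping them silently
            continue
        users_by_status[doc["status"]].add(doc["userid"])
        by_method[doc["method"]] += 1
    return {
        "distinct_users_by_status": {s: len(u) for s, u in users_by_status.items()},
        "requests_by_method": dict(by_method),
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Once the same fields exist in the indexed documents rather than only inside message, the two counts correspond to a distinct count of userid filtered on the return code and a per-value count on the method field.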