I have two log files, and a transaction spans both of them. The following are the fields in Elasticsearch; there is no correlation field between the two logs.
- LogFile A: timestamp, customerID, result
- LogFile B: timestamp, logLevel, message
Now my use case is this: in LogFileA, we get a report that the transaction for customer C1 failed, and we then need to find out why it failed; there is usually some root cause in LogFileB. Because there is no correlation field, the only thing we can use is the timestamp. We can search by customerID and result to get the timestamp T1 in LogFileA and then find all log messages in LogFileB within the time range [T1, T1+1minute].
But Kibana does not support drill-down. Is there any way we can implement this kind of correlation in Kibana?
Thanks!
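The two-step lookup described in the question, as an added example that is not part of the original post: it builds the Elasticsearch query bodies for each step and applies the same logic to constructed in-memory records so it runs offline. The `failed` result value, the sample records and the assumption that `customerID` and `result` are keyword-mapped fields are not from the post.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)  # the [T1, T1+1minute] range from the question

def failure_query(customer_id, result="failed"):
    """Step 1: query body for the LogFile A index (result value is assumed)."""
    return {"query": {"bool": {"filter": [
        {"term": {"customerID": customer_id}},
        {"term": {"result": result}},
    ]}}, "sort": [{"timestamp": "asc"}]}

def window_query(t1):
    """Step 2: query body for the LogFile B index, timestamp in [T1, T1+1m]."""
    return {"query": {"range": {"timestamp": {
        "gte": t1.isoformat(),
        "lte": (t1 + WINDOW).isoformat(),
    }}}, "sort": [{"timestamp": "asc"}]}

def correlate(log_a, log_b, customer_id, result="failed"):
    """Run both steps over in-memory rows; returns {T1: [LogFile B rows]}."""
    hits = {}
    for a in log_a:
        if a["customerID"] == customer_id and a["result"] == result:
            t1 = a["timestamp"]
            hits[t1] = [b for b in log_b
                        if t1 <= b["timestamp"] <= t1 + WINDOW]
    return hits

def ts(text):
    return datetime.fromisoformat(text)

# Constructed sample records using the field names from the question.
LOG_A = [
    {"timestamp": ts("2024-01-01T10:00:00"), "customerID": "C1", "result": "failed"},
    {"timestamp": ts("2024-01-01T10:00:05"), "customerID": "C2", "result": "ok"},
    {"timestamp": ts("2024-01-01T10:05:00"), "customerID": "C1", "result": "ok"},
]
LOG_B = [
    {"timestamp": ts("2024-01-01T09:59:58"), "logLevel": "INFO", "message": "request received"},
    {"timestamp": ts("2024-01-01T10:00:02"), "logLevel": "ERROR", "message": "db connection timeout"},
    {"timestamp": ts("2024-01-01T10:00:30"), "logLevel": "WARN", "message": "retry exhausted"},
    {"timestamp": ts("2024-01-01T10:01:00"), "logLevel": "INFO", "message": "heartbeat"},
    {"timestamp": ts("2024-01-01T10:01:01"), "logLevel": "ERROR", "message": "unrelated failure"},
]

if __name__ == "__main__":
    for t1, rows in correlate(LOG_A, LOG_B, "C1").items():
        print(t1.isoformat(), [r["message"] for r in rows])
```

Because LogFile B has no customerID, the window returns every message logged in that minute, including lines that belong to other customers' transactions.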