Logstash filter, how to find first and last log?

Hi,

I have some log with timestamp, keyID, message, or more. Those logs don't have start_tag and end_tag, however messages don't. Can I use mutate filter find the first and last log by keyID(machineID)?
Below are some my log.

{ "LogDateTime":"2018-08-29 17:14:15.542882", "LogLevel":"info", "Message":"S", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.543613", "LogLevel":"info", "Message":"80<E>", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.543679", "LogLevel":"info", "Message":"Len:5|38-30-3C-45-3E", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.547011", "LogLevel":"info", "Message":"Len:15|38-31-3C-72-63-3D-34-3E-30-30-30-30-3C-45-3E", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.547046", "LogLevel":"info", "Message":"81<rc=4>0000<E>", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.628773", "LogLevel":"info", "Message":"E", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.637684", "LogLevel":"warning", "Message":"SSL_get_error:5", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.637725", "LogLevel":"warning", "Message":"errno:0", "keyID":"65dcea76" }
{ "LogDateTime":"2018-08-29 17:14:15.637785", "LogLevel":"warning", "Message":"MainStatusMachine::ReadClientMessage runtime_error", "keyID":"65dcea76" }

Thanks for your help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.