Quering for a value between two strings

Merlin_Nunez · August 15, 2018, 5:48pm

Hey All,
Sorry if this has been asked befower, I don´t know how to search for it.
But basically I want to match events based on a value in between two tags:

response: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TransactionResponse>
    <Result>
        <ResponseCode>1030</ResponseCode>
        <ResponseMessage>Invalid token</ResponseMessage>
        <ResponseTimestamp>15082018170001</ResponseTimestamp>
        <MerchantID>AUP006DM006</MerchantID>

I need to be able to target any events that contains:

<ResponseCode>1030</ResponseCode>

With any number except from 1000.

Any ideas?

Christian_Dahlqvist · August 15, 2018, 6:29pm

Best way would be to parse the data in the document into separate fields before indexing them into Elasticsearch.

Merlin_Nunez · August 15, 2018, 6:37pm

I know, but at them moment I don´t have the time to mess with the grok filter and all the testing that requires.
We handle a high volume incoming data, and a change in performance could be catastrophic.
Is there a way to do it in kibana for now?

Christian_Dahlqvist · August 15, 2018, 7:29pm

I can’t think of any way right now.

system · September 12, 2018, 7:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.