Hello,
We have a use case where we are indexing log files and we have to find a set of lines when they appear next to each other. For example, in the log snippet below, we need a query that will find only lines #2, 3 and 4. If we simply do an OR on "first line" or "second line" or "third line", we will get lines #1 and #5 as well. If we could somehow use a range query with a criterion that the timestamp field in a matching doc must be no more than 10 sec apart from the previous doc, then only lines #2, 3 and 4 would be returned. Is something like this possible, or is there another way to achieve this?
1 2021-02-19 13:24:15.798411(-0500)[10224:10600] DBG first line
2 2021-02-19 14:24:15.798411(-0500)[10224:10600] DBG first line
3 2021-02-19 14:24:16.120100(-0500)[10224:10600] INF second line
4 2021-02-19 14:24:26.946610(-0500)[10224:10600] ERR third line
5 2021-02-19 15:24:26.946610(-0500)[10224:10600] ERR third line
Thanks in advance for your help.
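As an added example that is not part of the original post and not tied to any particular search engine, here is a small Python detector that applies the rule described above directly to the log text: the three messages must appear on adjacent lines, in order, with each timestamp no more than a configurable window after the previous one. The sample log is the five lines from the question; the regex, the function names and the 15-second default window are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the five lines quoted in the question (leading line number kept).
SAMPLE_LOG = """\
1 2021-02-19 13:24:15.798411(-0500)[10224:10600] DBG first line
2 2021-02-19 14:24:15.798411(-0500)[10224:10600] DBG first line
3 2021-02-19 14:24:16.120100(-0500)[10224:10600] INF second line
4 2021-02-19 14:24:26.946610(-0500)[10224:10600] ERR third line
5 2021-02-19 15:24:26.946610(-0500)[10224:10600] ERR third line
"""

# Assumed line layout: "<n> <date time.micros>(<tz>)[pid:tid] <LEVEL> <message>"
LINE_RE = re.compile(
    r"^(?P<num>\d+) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)"
    r"\((?P<tz>[+-]\d{4})\)\[[^\]]*\] (?P<level>\w+) (?P<msg>.*)$"
)

def parse_log(text):
    """Parse each line into (line_no, aware datetime, message); skip malformed lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m["ts"] + m["tz"], "%Y-%m-%d %H:%M:%S.%f%z")
        entries.append((int(m["num"]), ts, m["msg"]))
    return entries

def find_sequences(entries, patterns, max_gap):
    """Return tuples of line numbers where `patterns` occur on adjacent lines,
    in order, and every line is at most `max_gap` after the previous one."""
    hits, k = [], len(patterns)
    for i in range(len(entries) - k + 1):
        window = entries[i:i + k]
        text_ok = all(p in e[2] for p, e in zip(patterns, window))
        time_ok = all(b[1] - a[1] <= max_gap for a, b in zip(window, window[1:]))
        if text_ok and time_ok:
            hits.append(tuple(e[0] for e in window))
    return hits

def search_sample(max_gap_seconds=15):
    """Run the detector over SAMPLE_LOG with the three messages from the question."""
    patterns = ["first line", "second line", "third line"]
    return find_sequences(parse_log(SAMPLE_LOG), patterns, timedelta(seconds=max_gap_seconds))

if __name__ == "__main__":
    print(search_sample())  # [(2, 3, 4)]
```

Note that in the sample data line 4 is 10.83 s after line 3, so a strict 10-second window matches nothing; the window therefore needs to be chosen against the actual spacing of the lines you expect to catch.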