Hi,
I would like to know if there is a way to write a query that finds all request events for which the corresponding response event is missing.
For example, in the case of the data below:
PUT test-index/test/_bulk?refresh
{"index":{"_id":1}}
{"msg_type":"request","msg_id":"abc","message":"Hello"}
{"index":{"_id":2}}
{"msg_type":"response","msg_id":"abc","message":"World"}
{"index":{"_id":3}}
{"msg_type":"request","msg_id":"xyz","message":"Missing response"}
I want to be able to say that the 1st and 2nd messages form a request and response pair (based on msg_id), so all is good there, whereas for the 3rd one the response was missing, which needs to be highlighted.
One option for me is to generate a missing response event from within Logstash, but I just want to know if there is a query available to achieve the same.
-Thanks
Nikhil
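
One way to express the pairing described above as a search request, shown as an added example that is not part of the original post: a `terms` aggregation on `msg_id` with a `bucket_selector` that keeps only the ids having zero response documents. The `.keyword` sub-fields, the bucket `size` of 1000 and the helper names are assumptions; `emulate()` is a local stand-in so the logic can be checked offline against the three documents from the post.

```python
from collections import defaultdict

# Request body for POST test-index/_search (assumed default dynamic mapping,
# so text fields have a ".keyword" sub-field; size=1000 caps the bucket count).
UNANSWERED_QUERY = {
    "size": 0,
    "aggs": {"by_msg_id": {
        "terms": {"field": "msg_id.keyword", "size": 1000},
        "aggs": {
            # Count the response documents inside each msg_id bucket.
            "responses": {"filter": {"term": {"msg_type.keyword": "response"}}},
            # Drop every bucket that has at least one response.
            "no_response": {"bucket_selector": {
                "buckets_path": {"n": "responses>_count"},
                "script": "params.n == 0",
            }},
        },
    }},
}

# Constructed sample: the three documents from the post.
SAMPLE_DOCS = [
    {"msg_type": "request", "msg_id": "abc", "message": "Hello"},
    {"msg_type": "response", "msg_id": "abc", "message": "World"},
    {"msg_type": "request", "msg_id": "xyz", "message": "Missing response"},
]

def emulate(docs):
    """Local stand-in for the aggregation: same grouping and filtering."""
    total, responses = defaultdict(int), defaultdict(int)
    for doc in docs:
        total[doc["msg_id"]] += 1
        if doc["msg_type"] == "response":
            responses[doc["msg_id"]] += 1
    buckets = [
        {"key": k, "doc_count": total[k], "responses": {"doc_count": responses[k]}}
        for k in sorted(total)
        if responses[k] == 0  # what the bucket_selector keeps
    ]
    return {"aggregations": {"by_msg_id": {"buckets": buckets}}}

def unanswered_ids(search_response):
    """Extract the msg_id values that have no response document."""
    buckets = search_response["aggregations"]["by_msg_id"]["buckets"]
    return [b["key"] for b in buckets]

if __name__ == "__main__":
    print(unanswered_ids(emulate(SAMPLE_DOCS)))
```

Because the `terms` aggregation returns at most `size` buckets, an index with more distinct `msg_id` values than that needs a larger size or a time-bounded query to avoid silently missing unanswered requests.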