Hi,
This is what my team is currently doing for log analysis using grep & Excel:
Step 1) Find all occurrences of logs that contain PATTERN1 OR PATTERN2.
Example output:
t1: Log with PATTERN1
t2: Log with PATTERN1
t3: Log with PATTERN2
t4: Log with PATTERN1
Step 2) Extract instances ONLY WHERE PATTERN2 follows PATTERN1
From above output:
t2: Log with PATTERN1
t3: Log with PATTERN2
Step 3) Analyze other fields in "Log with PATTERN1" from the output of Step 2.
How can I achieve the same within Kibana? I suppose I'll have to use Query DSL. I am reading about joining queries and nested queries but some pointers will be helpful.
For the record, the logs do have an ID with which we can 'join' the two events but they are guaranteed to be unique only for a short duration after which they can be re-used.
Also, the log with PATTERN2 has a timeout of 3 seconds, i.e. if it comes, it will be within 3 seconds of the PATTERN1 log.
Appreciate any help.
-Thanks
Nikhil
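The three-step grep/Excel procedure described in the post, as an added stand-alone example (this is not the poster's script and not a Kibana/Query DSL answer). It assumes a constructed line format `<ISO timestamp> id=<id> host=<host> msg=<text>`; the sample lines are constructed to mirror the t1..t4 sequence in the question, with id=42 reused later by a different host. Step 1 is the PATTERN1/PATTERN2 filter, Step 2 pairs each PATTERN2 with the most recent PATTERN1 carrying the same id provided it arrived within the 3-second window, and Step 3 reads any other field off the matched PATTERN1 side. Keeping only the latest PATTERN1 per id and clearing the id once a PATTERN2 is seen (or arrives too late) is what keeps a re-used id from being joined to a stale event.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (not from the original post). The first three lines
# mirror t1/t2/t3 in the question; id=42 is later re-used by host web3.
SAMPLE_LOG = """\
2024-01-01T10:00:00.000 id=42 host=web1 msg=PATTERN1 request started
2024-01-01T10:00:01.000 id=42 host=web1 msg=PATTERN1 request started
2024-01-01T10:00:02.500 id=42 host=web1 msg=PATTERN2 request failed
2024-01-01T10:00:03.000 id=77 host=web2 msg=PATTERN1 request started
2024-01-01T10:00:09.000 id=77 host=web2 msg=PATTERN2 request failed
2024-01-01T10:00:10.000 id=42 host=web3 msg=PATTERN1 request started
2024-01-01T10:00:11.000 id=42 host=web3 msg=PATTERN2 request failed
2024-01-01T10:00:12.000 id=99 host=web1 msg=PATTERN1 request started
"""

# Assumed line layout; adjust the regex to the real log format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) id=(?P<id>\S+) host=(?P<host>\S+) msg=(?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines, window=timedelta(seconds=3)):
    """Step 1 + Step 2: keep PATTERN1/PATTERN2 lines and pair each PATTERN2
    with the most recent unmatched PATTERN1 that has the same id, as long as
    PATTERN2 arrived within `window` (3 seconds by default)."""
    events = sorted(
        (ev for ev in map(parse_line, lines) if ev is not None),
        key=lambda e: e["time"],
    )
    pending = {}  # id -> latest PATTERN1 event that has not been matched yet
    pairs = []
    for ev in events:
        if "PATTERN1" in ev["msg"]:
            # Latest PATTERN1 wins: an older one under a re-used id is dropped.
            pending[ev["id"]] = ev
        elif "PATTERN2" in ev["msg"]:
            first = pending.pop(ev["id"], None)  # id is free for re-use after this
            if first is None:
                continue
            delta = ev["time"] - first["time"]
            if timedelta(0) <= delta <= window:
                pairs.append(
                    {"pattern1": first, "pattern2": ev, "delta_s": delta.total_seconds()}
                )
    return pairs


def pattern1_fields(pairs, field):
    """Step 3: pull one field from the PATTERN1 side of every matched pair."""
    return [p["pattern1"][field] for p in pairs]


if __name__ == "__main__":
    for p in correlate(SAMPLE_LOG.splitlines()):
        print(
            p["pattern1"]["ts"], "->", p["pattern2"]["ts"],
            f"({p['delta_s']}s)", "id", p["pattern1"]["id"],
            "host", p["pattern1"]["host"],
        )
```

On the sample above only two pairs survive: t2/t3 for id 42 on web1 (t1 is superseded by t2 under the same id), and the later id 42 pair on web3. The id 77 PATTERN2 arrives 6 seconds after its PATTERN1 and is discarded by the window, and the id 99 PATTERN1 never gets a PATTERN2.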