Search and show result based on comparing terms

jibsonline · August 25, 2018, 9:12am

I have two types of logs shown in kibana

Response

{"origin":"local","type":"response","correlation":"beb2b44b1cef5623","duration":663,"protocol":"HTTP/1.1","status":200,"headers":{"Content-Type":["application/json;charset=UTF-8"],.......
.........
:"success"}}}

Request

{"origin":"remote","type":"request","correlation":"beb2b44b1cef5623","protocol":"HTTP/1.1","remote":"104.124.54.30","method":"GET"......
.......
.......
}}

NB. The value for 'correlation' would be unique and same for each request and response
I am able to find slow responses using the 'duration' term from response. I want to map the correlation term and show the request instead of the response in search results.

How can I achieve the same?

jibsonline · August 25, 2018, 5:04pm

Should I be using the join datatype?

Bargs · August 27, 2018, 4:34pm

The join datatype won't help here because Kibana doesn't support it yet. If you can manage it the best thing to do here would be to normalize your data so the request and response info are in a single document.

system · September 24, 2018, 4:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.