Search and show result based on comparing terms

jibsonline · August 25, 2018, 9:12am

I have two types of logs shown in kibana

Response

{"origin":"local","type":"response","correlation":"beb2b44b1cef5623","duration":663,"protocol":"HTTP/1.1","status":200,"headers":{"Content-Type":["application/json;charset=UTF-8"],.......
.........
:"success"}}}

Request

{"origin":"remote","type":"request","correlation":"beb2b44b1cef5623","protocol":"HTTP/1.1","remote":"104.124.54.30","method":"GET"......
.......
.......
}}

NB. The value for 'correlation' would be unique and same for each request and response
I am able to find slow responses using the 'duration' term from response. I want to map the correlation term and show the request instead of the response in search results.

How can I achieve the same?

jibsonline · August 25, 2018, 5:04pm

Should I be using the join datatype?

Bargs · August 27, 2018, 4:34pm

The join datatype won't help here because Kibana doesn't support it yet. If you can manage it the best thing to do here would be to normalize your data so the request and response info are in a single document.

system · September 24, 2018, 4:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana visualization for time difference Kibana	3	1963	February 15, 2018
Join Style Queries in Kibana Kibana	13	1378	July 22, 2020
Compare fields and report Kibana	5	302	February 3, 2023
Changed field to integer Kibana	3	795	July 6, 2017
Cann't Visualize certain term in kibana data table Kibana	2	1396	February 17, 2017

Search and show result based on comparing terms

Related topics