Hi, I have one scenario. I am pushing certain ID in thread context from application for each transaction along with individual log messages, which means all docs in kibana for that transaction will have same ID, Ex:
Transaction 1
message: abc, reqId: 123
message: def, reqId: 123
...
Transaction 2
message: xyz , reqId: 456
message: mno, reqId: 456
Is there a way to fetch all messages belonging to a certain reqId, if I am searching based on message, in a single query in kibana.
Like if I search "abc" I need to get all the messages which has requestId 123. that is abc and def.
It can be done by first searching message and getting Id and then again searching based on ID, but I wanted to know if it's possible using single query in kibana
If we are talking about Discover part of Kibana, you can click on "Add a filter" (usually + sign) and add filter reqid equals 123. It filters everything with 123. Then you can search for your value "abc" on the search bar.
No, I wont be knowing reqId beforehand. I will just have message "abc", when I search this, it should dynamically get reqId assoicated with this message, and get all messages related to that reqId
Oh i see. Maybe something like this works for you?
message: "abc" OR reqId: (message: "abc")
I did not test it but give it a try please.
No, this is giving syntax error. And how does reqId get populated dynamically based on the message in this query?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.