SELECT within SELECT query on elasticsearch


(Júlia Murínová) #1

Hello,
I am new to using the ELK stack for application log management. Is there a way to filter multiple records with a specified property (session) according to a specified field value that is not present in all of them, and then list all records with the queried sessions in Kibana/Elasticsearch?

In SQL that would be using nested SELECT:
SELECT * from table WHERE sessionID IN (SELECT sessionID from table WHERE customerID='56')

Example records:
log_date [152-125-365] message_type module_name - New connection - customerID = 56
log_date [152-125-365] message_type module_name - Connection info
log_date [586-526-985] message_type module_name - New connection - customerID = 12
...
log_date [785-125-596] message_type module_name - New connection - customerID = 56

Desired output: all session messages with the specified customerID:
log_date [152-125-365] message_type module_name - New connection - customerID = 56
log_date [152-125-365] message_type module_name - Connection info
log_date [785-125-596] message_type module_name - New connection - customerID = 56

Thanks
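Added example (not from the post or from Elastic): Elasticsearch has no nested SELECT, so the question's query is usually answered in two round trips. The first query collects the session ids of records carrying the customerID, the second fetches every record of those sessions with a `terms` query. The sample lines are constructed to mirror the post, and the field names `session` and `customer_id` assume the lines have already been split by a grok pattern.

```python
import re

# Constructed sample lines in the post's format (timestamps, levels, modules are made up).
SAMPLE_LOGS = [
    "2024-01-01T10:00:00 [152-125-365] INFO auth - New connection - customerID = 56",
    "2024-01-01T10:00:01 [152-125-365] INFO auth - Connection info",
    "2024-01-01T10:00:02 [586-526-985] INFO auth - New connection - customerID = 12",
    "2024-01-01T10:00:03 [586-526-985] INFO auth - Connection info",
    "2024-01-01T10:00:04 [785-125-596] INFO auth - New connection - customerID = 56",
]

# Assumed grok-style split: session id in brackets, optional trailing customerID.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[(?P<session>[^\]]+)\] (?P<level>\S+) (?P<module>\S+) - "
    r"(?P<message>.*?)(?: - customerID = (?P<customer_id>\d+))?$"
)

def parse_line(line):
    """Turn one raw line into the document shape assumed to be indexed."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsed line: {line!r}")
    return m.groupdict()  # customer_id is None when the line carries no customerID

def phase1_query(customer_id):
    """Query 1: which sessions contain a customerID hit. A terms aggregation
    returns the unique session ids without paging through hits (a plain
    search body returns only 10 hits unless size is raised)."""
    return {"size": 0, "query": {"term": {"customer_id": customer_id}},
            "aggs": {"sessions": {"terms": {"field": "session", "size": 10000}}}}

def phase2_query(session_ids):
    """Query 2: every record of those sessions. index.max_terms_count
    (default 65536) bounds how many ids one terms query may carry."""
    return {"query": {"terms": {"session": sorted(session_ids)}}}

def sessions_for_customer(docs, customer_id):
    """Local equivalent of phase 1 over parsed documents."""
    return {d["session"] for d in docs if d["customer_id"] == customer_id}

def records_for_sessions(docs, session_ids):
    """Local equivalent of phase 2: keep every record of the matched sessions."""
    return [d for d in docs if d["session"] in session_ids]

def nested_select(docs, customer_id):
    """SELECT * WHERE sessionID IN (SELECT sessionID WHERE customerID = ?)."""
    return records_for_sessions(docs, sessions_for_customer(docs, customer_id))

if __name__ == "__main__":
    docs = [parse_line(line) for line in SAMPLE_LOGS]
    for d in nested_select(docs, "56"):
        print(d["session"], d["message"])
```

The local functions show the result the two query bodies would produce against an index; in Kibana the phase 2 body can be pasted as a filter once the phase 1 session ids are known.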


(system) #2