Hello,
I have application log message with following details as message : " some message; partition=-1;offset=-1;lag=275545;RetryCount=0; some message ".
All my message will have "lag=". "lag" is a key comes as a part of message. I need to query to find out lag value greater than 500 or with in a range.
What is the query syntax should I give get extract based on my message.
Thanks
Hi
The recommended way would be to extract this value when ingesting data. This could be done with e.g. with logstash or using the Elasticsearch ingest pipeline. Would that be an option for you?
Best,
Matthias
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.