Trying to correlate data in Kibana for reports

I am trying to correlate data so that I can generate a report. The start of the log has a message 'TRANSACTION_STARTED' and there is a GatewayTxCode associated with it. The last log has the message 'TRANSACTION_SUCCESS' (or failure). I need to generate a report where I correlate these logs with the help of GatewayTxCode. Is there any way we can do this in Kibana and generate reports? I am pasting the JSON doc of the log message.

{
  "_index": "abcd-local-2018.08.23",
  "_type": "logevent",
  "_id": "2_b0bc7bb1-6402-49db-9e4a-3aa3982d828a",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2018-08-23T12:14:18.8640746+01:00",
    "level": "Information",
    "messageTemplate": "TRANSACTION_SUCCESS",
    "message": "TRANSACTION_SUCCESS",
    "fields": {
      "GatewayTxCode": "7845a46d-d834-4a00-9ae5-08ed5ed55350",
      "CorrelationId": "7ae5f117-f1e8-44a1-afec-5a433c2751b5",
      "SourceContext": "xyzr",
      "Service": "PWSP",
      "EnvironmentId": "cdef",
      "EnvironmentUserName": "abcd"
    }
  },
  "fields": {
    "@timestamp": [
      "2018-08-23T11:14:18.864Z"
    ]
  },
  "sort": [
    1535022858864
  ]
}

Any help will be much appreciated.

Thanks,

Sagar

Hello,

Elasticsearch is not a database, it's a document store. Generally speaking, the way to work with document stores is to denormalize your data as much as possible, usually by replicating data that you would normally group up into different tables in a relational database. So the short answer: you can't.
The long answer: if you ingest the data in 2 different indices, you could do something similar by using this Logstash ingest plugin: https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html

But for what you're looking for, an SQL database is what you need.
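The denormalization the answer describes, shown as an added example that is not code from either poster: start and end events are merged into one record per GatewayTxCode before reporting, including transactions that never finished or have no start event. The failure message name `TRANSACTION_FAILURE`, the helper names and the sample documents are assumptions made for the example.

```python
import re
from datetime import datetime

# Serilog/.NET timestamps carry 7 fractional digits; keep the 6 Python can parse.
TS_RE = re.compile(r"^(.*?\.\d{6})\d*([+-]\d{2}:\d{2}|Z)$")
# "TRANSACTION_FAILURE" is an assumed name; the question only says "(or failure)".
END_MESSAGES = {"TRANSACTION_SUCCESS", "TRANSACTION_FAILURE"}

def parse_ts(value):
    value = TS_RE.sub(r"\1\2", value).replace("Z", "+00:00")
    return datetime.fromisoformat(value)

def correlate(hits):
    """Merge events sharing a GatewayTxCode into one record per transaction."""
    txs = {}
    for h in hits:
        src = h["_source"]
        code = src.get("fields", {}).get("GatewayTxCode")
        if code is None:
            continue  # event is not part of a transaction
        tx = txs.setdefault(code, {"GatewayTxCode": code, "started": None,
                                   "ended": None, "outcome": "OPEN"})
        ts = parse_ts(src["@timestamp"])
        if src["message"] == "TRANSACTION_STARTED":
            tx["started"] = ts
        elif src["message"] in END_MESSAGES:
            tx["ended"], tx["outcome"] = ts, src["message"]
    for tx in txs.values():
        # Duration only exists when both halves were seen; orphans stay None.
        if tx["started"] and tx["ended"]:
            tx["duration_ms"] = round((tx["ended"] - tx["started"]).total_seconds() * 1000)
        else:
            tx["duration_ms"] = None
    return txs

def hit(message, ts, code):
    # Constructed sample document with the same shape as the one in the question.
    return {"_source": {"@timestamp": ts, "message": message,
                        "fields": {"GatewayTxCode": code}}}

SAMPLE = [  # constructed data: one complete, one still open, one end without a start
    hit("TRANSACTION_STARTED", "2018-08-23T12:14:17.1140746+01:00", "tx-a"),
    hit("TRANSACTION_STARTED", "2018-08-23T12:14:17.5000000+01:00", "tx-b"),
    hit("TRANSACTION_SUCCESS", "2018-08-23T12:14:18.8640746+01:00", "tx-a"),
    hit("TRANSACTION_FAILURE", "2018-08-23T12:14:19.0000000+01:00", "tx-c"),
]

if __name__ == "__main__":
    for tx in correlate(SAMPLE).values():
        print(tx["GatewayTxCode"], tx["outcome"], tx["duration_ms"])
```

Records with outcome `OPEN` or with no `started` value are worth reporting separately, since they mark transactions whose other half was never logged or never indexed.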
