Specifically, I'm trying to tag the last event prior to an exception. So, when you encounter an event that matches some criterion, go back and find the last event and then add a tag to it. Is this possible?
I assume there are more convenient ways to handle this stuff down the pipeline. Kibana, for instance, should make this pretty easy. But I'm wondering whether there's a way to do it specifically within logstash.
I think this would be best achieved with our Watcher product. You'd want to setup a watch that would look for exceptions, then query for the event occurring previous to that.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.