I have a set of events like below:
SessionID="F4E22EFDB35791C879400BABAD77879C",TransactionID="9885533d-b9a3-48ba-a6a1-fefa2aca2c8d",TimeStamp="2016-12-05 21:08:51,560", EventType="ProductFulfilment", LogType="INFO " EventDetails="INFO : Product Fulfilment Acknowledgment : DB Operations - Start",User="2745", SearchSpace="123", OrderID="161205-PB031-00144", ProductType="P1"
SessionID="F4E22EFDB35791C879400BABAD77879C",TransactionID="9885533d-b9a3-48ba-a6a1-fefa2aca2c8d",TimeStamp="2016-12-05 21:09:43,356", EventType="ProductFulfilment", LogType="INFO " EventDetails="INFO: latest to be merged Orders: [] marked to complete",User="2745", SearchSpace="123", OrderID="161205-PB031-00144", ProductType="P1"
SessionID="F4E22EFDB35791C879400BABAD77879C",TransactionID="9885533d-b9a3-48ba-a6a1-fefa2aca2c8d",TimeStamp="2016-12-05 21:10:43,356", EventType="ProductFulfilment", LogType="INFO " EventDetails="INFO: latest to be merged Orders: [161205-PB031-00144, 161219-PB031-0000W] marked to complete",User="2745", SearchSpace="123", OrderID="161205-PB031-00144", ProductType="P1"
I have the same type of events for other ProductType and OrderID values. I am trying to find the time difference between the first event and the last event, grouped by OrderID (which is unique), for a month.
Finding the last event is tough for me: OrderID should be in the array [] ([161205-PB031-00144, 161219-PB031-0000W]), which will occur only once in its life cycle. But I have another event which has OrderID as a separate property.
Can anyone tell me how I can find the time taken by each Order in a certain time interval? I tried the one below but it is not working.
index="vss" source="/logs/app-event.log" EventType="ProductFulfilment" | transaction startswith="INFO : Product Fulfilment Acknowledgment : DB Operations - Start" endswith="INFO: latest to be merged Orders: [*"OrderID"*] marked to complete" | transaction OrderID
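The correlation the post describes, written out in Python outside Splunk as an added example (not part of the original post): an order's clock starts at its "DB Operations - Start" event and stops at the event whose bracketed list names that same OrderID, so the "[]" event is ignored. The helper names and the second order id are constructed for illustration.

```python
import re
from datetime import datetime

KV = re.compile(r'(\w+)="([^"]*)"')                  # key="value" pairs, comma or space separated
MERGED = re.compile(r'merged Orders: \[([^\]]*)\]')  # bracketed order list in EventDetails
START = "DB Operations - Start"

def parse(line):
    """Turn one event line into a dict and add a datetime under '_time'."""
    ev = dict(KV.findall(line))
    ev["_time"] = datetime.strptime(ev["TimeStamp"], "%Y-%m-%d %H:%M:%S,%f")
    return ev

def order_durations(lines):
    """Return {OrderID: seconds from its start event to its completing event}."""
    start, end = {}, {}
    for ev in map(parse, lines):
        if ev.get("EventType") != "ProductFulfilment":
            continue
        oid, details = ev["OrderID"], ev["EventDetails"]
        if START in details:
            # Keep the earliest start seen for this order.
            start[oid] = min(start.get(oid, ev["_time"]), ev["_time"])
        m = MERGED.search(details)
        if m:
            merged = [s.strip() for s in m.group(1).split(",") if s.strip()]
            # Only the event whose list names this OrderID ends it; "[]" does not.
            if oid in merged:
                end[oid] = ev["_time"]
    # Orders with no completing event yet are left out rather than guessed.
    return {o: (end[o] - start[o]).total_seconds() for o in start if o in end}

def _sample(ts, details, oid="161205-PB031-00144"):
    """Build a constructed event line in the post's layout (some fields omitted)."""
    return (f'SessionID="F4E22EFDB35791C879400BABAD77879C",TimeStamp="{ts}", '
            f'EventType="ProductFulfilment", LogType="INFO " EventDetails="{details}",'
            f'User="2745", OrderID="{oid}", ProductType="P1"')

# Constructed sample: the post's three events plus one order that never completes.
SAMPLE = [
    _sample("2016-12-05 21:08:51,560", "INFO : Product Fulfilment Acknowledgment : DB Operations - Start"),
    _sample("2016-12-05 21:09:43,356", "INFO: latest to be merged Orders: [] marked to complete"),
    _sample("2016-12-05 21:10:43,356", "INFO: latest to be merged Orders: "
            "[161205-PB031-00144, 161219-PB031-0000W] marked to complete"),
    _sample("2016-12-06 09:00:00,000", "INFO : Product Fulfilment Acknowledgment : DB Operations - Start",
            oid="CONSTRUCTED-ORDER-2"),
]

if __name__ == "__main__":
    print(order_durations(SAMPLE))
```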