Hi All,
I have two different sources of logs and want to display the respective entries from each source based on an extracted field value from the first log. For example:
Log 1: Jan 6 15:33:13 xxxxx : trans(2735890423)[response][247.116.54.12] gtid(2735890423): |Test|service|247.116.54.12|2f4ad7ae-a4f9-324d-8d1a-8d98b414c496|2735890423||||/rest/services|documentId
Note - the field that needs to be extracted from this log is the value of gtid(2735890423), which is extracted as tranid. (highlighted with bold font)
Log 2: Jan 6 15:33:13 xxxxx : trans(2316097519)[response] gtid(2735890423): |Test|service|transaction type|response||2f4ad7ae-a4f9-324d-8d1a-8d98b414c496|2735890423:2316097519|2018-01-06T15:33:13-08:00|5|86|86|success|200 OK
The requirement is to get the value of the dptranid from log 1 and search the other source log for the respective entries. This has to be done dynamically, meaning the entry from log 1 has to be searched from a different search param, but the query has to be written in such a way that it returns entries from both logs.
For example: as of now we are using: index="log1" /rest/services --> which results in entries from log 1. Then we manually select the tran id from the log and use another search query to get the result from log 2. I want to write a single query for the same purpose.
Thanks.
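The correlation described in the post, sketched outside Splunk as an added example (it is not part of the original post and is not SPL): select entries from the first source by a search term, extract the `gtid(...)` value, and return the entries from both sources that share it. The function names and the lines marked as constructed are assumptions made for illustration.

```python
import re

# Sample data: the two log lines quoted in the post, plus constructed
# lines for an unrelated transaction that must not be returned.
LOG1 = [
    "Jan 6 15:33:13 xxxxx : trans(2735890423)[response][247.116.54.12] gtid(2735890423): "
    "|Test|service|247.116.54.12|2f4ad7ae-a4f9-324d-8d1a-8d98b414c496|2735890423||||/rest/services|documentId",
    # Constructed: different path, so the search term does not select it.
    "Jan 6 15:33:14 xxxxx : trans(9999999999)[response][247.116.54.12] gtid(9999999999): "
    "|Test|service|247.116.54.12|00000000-0000-0000-0000-000000000000|9999999999||||/rest/other|documentId",
]
LOG2 = [
    "Jan 6 15:33:13 xxxxx : trans(2316097519)[response] gtid(2735890423): "
    "|Test|service|transaction type|response||2f4ad7ae-a4f9-324d-8d1a-8d98b414c496|"
    "2735890423:2316097519|2018-01-06T15:33:13-08:00|5|86|86|success|200 OK",
    # Constructed: belongs to the unselected transaction above.
    "Jan 6 15:33:14 xxxxx : trans(1111111111)[response] gtid(9999999999): "
    "|Test|service|transaction type|response||00000000-0000-0000-0000-000000000000|"
    "9999999999:1111111111|2018-01-06T15:33:14-08:00|5|86|86|success|200 OK",
]

# The correlation key is the number inside gtid(...), present in both sources.
GTID_RE = re.compile(r"\bgtid\((\d+)\)")


def extract_tranid(line):
    """Return the gtid value of a log line, or None if the line has none."""
    match = GTID_RE.search(line)
    return match.group(1) if match else None


def correlate(log1, log2, term):
    """Group entries from both sources by the tranid of log1 lines containing term."""
    grouped = {}
    for line in log1:
        tranid = extract_tranid(line)
        if tranid is not None and term in line:
            grouped.setdefault(tranid, {"log1": [], "log2": []})["log1"].append(line)
    for line in log2:
        tranid = extract_tranid(line)
        if tranid in grouped:  # only transactions selected from log1
            grouped[tranid]["log2"].append(line)
    return grouped


if __name__ == "__main__":
    for tranid, entries in correlate(LOG1, LOG2, "/rest/services").items():
        print(tranid, len(entries["log1"]), len(entries["log2"]))
```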