I've got a search problem that I've been trying to solve with some combination of transactions and events.
Hi all. I am trying to search for a specific incident in one of our sources. The characteristics of the incident are:
starts with a specific pair of lines, in order (event 1 & 2)
A single occurrence of event A is found in between.
A single occurrence of event B is found in between.
event A & B can be in any order
ends with a specific pair of lines, in order (event 1 & 2)
All the events in a single incident have the same host name and log #.
Example:
hostA log2 event 1
hostA log2 event 2
hostA log2 event A
hostA log2 event B
hostA log2 event 1
hostA log2 event 2
Any suggestions on the best way to capture these incidents?
As I said, I have tried transactions, events and eventtypes, with no luck so far.
Thanks in advance for any advice.
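The sequence described in the post, implemented as an added stand-alone Python state machine (example code, not from the original post and not Splunk SPL): it groups lines by host and log number, opens an incident on an ordered "event 1, event 2" pair, requires exactly one "event A" and one "event B" in either order, and closes on the next ordered "event 1, event 2" pair. The sample log is constructed, with the streams of several hosts interleaved to show that grouping matters; how events outside the four named ones are treated, and what happens when a closing pair arrives before both A and B were seen, are assumptions and are marked as such in the code.

```python
from collections import defaultdict

START = ("event 1", "event 2")   # ordered pair that opens and closes an incident
MIDDLE = {"event A", "event B"}  # each must occur exactly once, in any order

# Constructed sample, not taken from the post. Only the two hostA blocks are
# complete incidents: hostB repeats event A, hostC never produces event A.
SAMPLE_LOG = """\
hostA log2 event 1
hostA log2 event 2
hostB log1 event 1
hostA log2 event A
hostA log2 event B
hostB log1 event 2
hostB log1 event A
hostB log1 event A
hostB log1 event B
hostB log1 event 1
hostB log1 event 2
hostA log2 event 1
hostA log2 event 2
hostC log3 event 1
hostC log3 event 2
hostC log3 event B
hostC log3 event 1
hostC log3 event 2
hostA log2 event 1
hostA log2 event 2
hostA log2 event B
hostA log2 event A
hostA log2 event 1
hostA log2 event 2
"""


def parse(line):
    """Split 'host log event text' into ((host, log), event)."""
    host, log, *rest = line.split()
    return (host, log), " ".join(rest)


def _new_machine():
    # state: 0 idle, 1 saw first half of opening pair, 2 inside an incident,
    #        3 saw first half of a possible closing pair
    # start: line of the opening "event 1"; pend: line of the last "event 1" seen
    return {"state": 0, "seen": [], "start": None, "pend": None}


def find_incidents(text):
    """Run one state machine per (host, log) stream; return completed incidents."""
    first, second = START
    machines = defaultdict(_new_machine)
    incidents = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        key, ev = parse(raw)
        m = machines[key]
        st = m["state"]
        if st == 0:
            if ev == first:
                m.update(state=1, pend=lineno)
        elif st == 1:
            if ev == second:
                m.update(state=2, seen=[], start=m["pend"])
            elif ev == first:
                m["pend"] = lineno           # restart the pair on a repeated event 1
            else:
                m.update(_new_machine())     # pair broken: back to idle
        elif st == 2:
            if ev == first:
                m.update(state=3, pend=lineno)
            elif ev in MIDDLE:
                if ev in m["seen"]:          # second A or B: not a single occurrence
                    m.update(_new_machine())
                else:
                    m["seen"].append(ev)
            # assumption: any other event inside an incident is ignored
        elif st == 3:
            if ev == second:
                if set(m["seen"]) == MIDDLE:
                    incidents.append({"host": key[0], "log": key[1],
                                      "start_line": m["start"], "end_line": lineno,
                                      "order": tuple(m["seen"])})
                    m.update(_new_machine())
                else:
                    # assumption: a closing pair seen before both A and B is
                    # treated as a fresh opening pair rather than as a failure
                    m.update(state=2, seen=[], start=m["pend"])
            elif ev == first:
                m["pend"] = lineno
            elif ev in MIDDLE:
                if ev in m["seen"]:
                    m.update(_new_machine())
                else:
                    m["seen"].append(ev)
                    m["state"] = 2           # the event 1 was not a closing pair
            else:
                m["state"] = 2
    return incidents


if __name__ == "__main__":
    for inc in find_incidents(SAMPLE_LOG):
        print(inc)
```

Running the block prints two incidents, both on hostA/log2: lines 1 to 13 with A before B, and lines 19 to 24 with B before A. The hostB stream is dropped at the duplicate event A and the hostC stream never completes, which is the "single occurrence" and "both present" rule that a plain start/end window match cannot express on its own.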