Hi, I have a log with entries similar to the ones below:
11:32:12,988 INFO [LOG TYPE: REQUEST] [REQUEST ID:46783e96-e146-4d35-9a3a-5ff95226a8bb] ...
11:32:14,364 SEVERE [LOG TYPE:EXCEPTION] [REQUEST ID:46783e96-e146-4d35-9a3a-5ff95226a8bb] ...
11:32:14,364 INFO [LOG TYPE:RESPONSE] [REQUEST ID:46783e96-e146-4d35-9a3a-5ff95226a8bb] ...
What I'm looking for is a search which displays all 3 which have the same REQUEST ID if it finds a SEVERE or LOG TYPE:EXCEPTION.
Transaction almost sounds like what I want, so I tried the following:
sourcetype=cas SEVERE | transaction RequestId maxspan=5s maxpause=5s
However this only brings back the SEVERE entry.
Is there a way to do this with transaction or should I be looking at JOIN?
Thanks for your assistance.
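The grouping asked for above, shown outside Splunk as an added Python example (not part of the original post): a base search that already filters on SEVERE hands `transaction` only the SEVERE events, so the filter has to run after the events are grouped by REQUEST ID. The function names are hypothetical, and the last two sample lines are constructed to show a request without errors.

```python
import re
from collections import defaultdict

# First three lines are from the post (bodies elided there as "...");
# the last two are constructed: a request that completed without error.
SAMPLE = """\
11:32:12,988 INFO [LOG TYPE: REQUEST] [REQUEST ID:46783e96-e146-4d35-9a3a-5ff95226a8bb] ...
11:32:14,364 SEVERE [LOG TYPE:EXCEPTION] [REQUEST ID:46783e96-e146-4d35-9a3a-5ff95226a8bb] ...
11:32:14,364 INFO [LOG TYPE:RESPONSE] [REQUEST ID:46783e96-e146-4d35-9a3a-5ff95226a8bb] ...
11:32:15,101 INFO [LOG TYPE: REQUEST] [REQUEST ID:00000000-0000-0000-0000-000000000001] ...
11:32:15,230 INFO [LOG TYPE:RESPONSE] [REQUEST ID:00000000-0000-0000-0000-000000000001] ...
"""

# The post shows both "[LOG TYPE: REQUEST]" and "[LOG TYPE:EXCEPTION]",
# so whitespace after the colon is optional.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[LOG TYPE:\s*(?P<log_type>[^\]]+?)\s*\]\s+"
    r"\[REQUEST ID:\s*(?P<request_id>[^\]]+?)\s*\]"
)


def parse(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return dict(m.groupdict(), raw=line) if m else None


def failed_requests(text):
    """Map each REQUEST ID that has a SEVERE/EXCEPTION entry to all its lines."""
    groups = defaultdict(list)
    for line in text.splitlines():
        event = parse(line)
        if event:  # skip lines that are not in the expected format
            groups[event["request_id"]].append(event)
    # Filter only after grouping, so REQUEST and RESPONSE lines are kept.
    return {
        rid: [e["raw"] for e in events]
        for rid, events in groups.items()
        if any(e["level"] == "SEVERE" or e["log_type"] == "EXCEPTION"
               for e in events)
    }


if __name__ == "__main__":
    for rid, lines in failed_requests(SAMPLE).items():
        print(rid)
        for raw in lines:
            print("  " + raw)
```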