I have a dashboard which show results through the selected dropdown. The selected api will display only api_resposne which it has corresponding downstream_response as well. But the issue is the downstream_response can only be searched with the trackid of api_response. is there a way to show the data of api_response corresponding with the results of downstream_response?
In theory, yes. You take the field from the api_response and add it to your search of the downstream_response
How do I take the field from api_response and add it? Can you please give me an example.
I thought of adding extra search space for TrackIdto add * for all and take that token to api_response and from that api_response tokens only to downstream but that would be too heavy, I guess.
Can you give some examples of the events (anonymised, of course) you are dealing with from both sources and the search or searches you are using in your dashboard so we can see where we are starting from?
Here is the sample logs for API_Response and Downstream_Response. Only two fields are matching in this logs.
2000-1-1 1:0:0.00 INFO : logType=API_RESPONSE, duration=100,
request={"headers":"Accept":"application/json","Content-Type":"application/json"},"method":"POST",
"body":{"body"},"parameters":{},"uri":"/api/apiresponse/search/"}, configLabel=,
requestId=Thisoneismatching11111, response={"headers":{"statusCode":"OK"}, requestUri=/api/apiresponse/search/,
threadContextId=Thisoneismatching22222, message=COMPLETED request /api/apiresponse/search/,
source = /apps/logs/api_response.log sourcetype = response_log
2000-1-1 1:0:0.00 INFO logType=DOWNSTREAM_RESPONSE, duration=100,
request={"headers":{"Accept":"application/json","Content-Type":"application/json"},"method":"POST",
"body":{"uri":"https://abcdefg.com/downresponseservice/api/downresponse"},
configLabel=, requestId=Thisoneismatching11111, response={"OK":{"statusCode":"OK"}}, requestUri=https://abcdefg.com/downresponseservice/api/downresponse,
threadContextId=Thisoneismatching22222, message=<<< Outbound REST response,
source = /apps/logs/downstream_response.log sourcetype = response_log
From my Dashboard I am using inputlookup and based on the api it should show result for downstream as well.
here is the query i used for my dropdown dashboard
|inputlookup abc.csv| search Name="$Nme$" uri="$apis$" | dedup opName | table opName
here is the search query, still not able to figure out
index=main *_RESPONSE | spath input=request | spath input=response
| lookup abc.csv uri OUTPUT opName
| search Name="$Nme$" opName="$opeNme$" uri="$apis$"
Does this help?
index=main *_RESPONSE | spath input=request | spath input=response
| lookup abc.csv uri OUTPUT opName
| stats values(*) as * by requestId threadContextId
i tried but it didnt work, shows all the logs.
Not sure how to achieve it but from the dashboard perspective i chose the api then based on that api it has downstream which i am still confused how am i supposed to get the downstream response only through selected api's and these requestId/threadcontextId are matched only on which are hidden in logs. i believe it has to be coded with js or sth.
I thought you wanted to see the other logs? Try adding your filter
index=main *_RESPONSE | spath input=request | spath input=response
| lookup abc.csv uri OUTPUT opName
| stats values(*) as * by requestId threadContextId
| search Name="$Nme$" opName="$opeNme$" uri="$apis$"
yup i wanted to see the other logs but through the selected api from dropdown, and get the logs of api logs and downstream logs on two different panel. but this search query is missing that thing.