Hello,
I have a trace of events that we're logging as JSON, correlated by an id field. An example:
Event:
{
"log": "{
data of the current request
}",
"level": "INFO",
"message": "message that it's repeated",
"id": "an-uuid"
}
For the same ID, something like this can happen:
Log 1:
{
"log": "{
data of the current request
}",
"level": "INFO",
"message": "message that it's repeated",
"id": "an-uuid"
}
Log 2:
{
"log": "{
data of the current request
}",
"level": "INFO",
"message": "message that it's repeated",
"id": "an-uuid"
}
Log 3:
{
"log": "{
data of the current request
}",
"level": "INFO",
"message": "message that it's repeated",
"id": "an-uuid"
}
Log 4:
{
"log": "{
data of the current request
}",
"level": "INFO",
"message": "another message",
"id": "another-uuid"
}
I need to get those events that got the message field with the text "message that it's repeated" three times in a row. The timing is spaced by roughly 20 seconds between each log that contains that message. The result I'm expecting is only getting their IDs. Nothing else.
That scenario represents a service call that we're retrying, but it's not happening in all the scenarios. I need to retrieve the id of those events.
I'm able to match the events that contain the message, but I didn't figure out how to filter that dataset, and I didn't find anything that helps me with this so far.
Could you shed some light on this?
Thanks in advance!
Like this:
... | streamstats time_window=20 count(eval(message="message that it's repeated")) AS repeated_count BY id
| where repeated_count >= 3
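
The same check run outside Splunk over exported events, as an added example that is not part of the original thread or the answer above. It assumes each event carries a `_time` field in epoch seconds (the sample events in the question show no timestamp), uses constructed ids and events, and treats a gap of more than `max_gap` seconds or any other message as the end of a run:

```python
import json
from collections import defaultdict

TARGET = "message that it's repeated"

# Constructed sample events; "_time" (epoch seconds) is an assumed field.
SAMPLE_LINES = """\
{"_time": 1000, "id": "id-a", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1001, "id": "id-b", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1002, "id": "id-c", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1020, "id": "id-a", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1021, "id": "id-b", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1022, "id": "id-c", "level": "INFO", "message": "another message"}
{"_time": 1041, "id": "id-a", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1042, "id": "id-c", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1062, "id": "id-c", "level": "INFO", "message": "message that it's repeated"}
{"_time": 1500, "id": "id-b", "level": "INFO", "message": "message that it's repeated"}
"""


def parse_events(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ids_with_repeated_runs(events, target=TARGET, run_length=3, max_gap=30):
    """Return ids with `run_length` consecutive `target` messages, each at
    most `max_gap` seconds after the previous one."""
    by_id = defaultdict(list)
    for ev in events:
        by_id[ev["id"]].append(ev)
    hits = []
    for event_id, evs in by_id.items():
        evs.sort(key=lambda e: e["_time"])  # run detection needs time order
        streak, last_time = 0, None
        for ev in evs:
            if ev["message"] != target:
                streak, last_time = 0, None  # a different message breaks the run
                continue
            if last_time is not None and ev["_time"] - last_time > max_gap:
                streak = 0                   # too far apart: start a new run
            streak, last_time = streak + 1, ev["_time"]
            if streak >= run_length:
                hits.append(event_id)
                break
    return sorted(hits)


if __name__ == "__main__":
    print(ids_with_repeated_runs(parse_events(SAMPLE_LINES)))
```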