How to search a log file based on the field value extracted from another log file?

vrvasantharaj
New Member

I need to read content from a second log file based on the field value which is extracted from the first log file. I did a filter using a keyword and got search results from the first log file (say firstlog.txt). I extracted a field file_name="secondlog.txt" using regex from the first log file (firstlog.txt). The second file gets created with the same name (secondlog.txt) as the field value which I extracted from the first log file. I need to display the content from both log files, and I am facing difficulties in searching the second log file.

I tried the search below and the second search part is not returning any results. I need to correct the highlighted part.

index="aaa" AND host="xxx" source="D:\firstlog.txt" ERROR fields file_name| append [search index="aaa" source=mvjoin("D:\", mvindex(file_name,0)) ]

Please help me with this.

0 Karma

sundareshr
Legend

Try this (this assumes file_name is a field that has been extracted and has multiple values)

index="aaa" source=[search index="aaa" AND host="xxx" source="D:\\firstlog.txt" ERROR | eval search="d:\\\\".mvindex(file_name, 0)]
0 Karma

vrvasantharaj
New Member

Thanks for the help. Unfortunately, it did not work out.

0 Karma

sundareshr
Legend

Can you share the result of these two requests?

index="aaa" AND host="xxx" source="D:\\firstlog.txt" ERROR | table file_name

*AND*

Click on Job>>Inspect Job, look for litsearch (Ctrl+F litsearch) in the popup window. Share that.

0 Karma