Please find the query and sample logs, Issue is when there are no logs with any of the Msgs, that coloumns are showing null, tried fill null command but not working. index=app-index source=applicat...
See more...
Please find the query and sample logs, Issue is when there are no logs with any of the Msgs, that coloumns are showing null, tried fill null command but not working. index=app-index source=application.logs
|rex field= _raw "application :\s(?<Application>\w+)"
| rex field= _raw "(?<Msgs>Initial message received with below details|Letter published correctley to ATM subject|Letter published correctley to DMM subject|Letter rejected due to: DOUBLE_KEY|Letter rejected due to: UNVALID_LOG|Letter rejected due to: UNVALID_DATA_APP)"
|chart count over Application by Msgs
|rename "Initial message received with below details" as Income, "Letter published correctley to ATM subject" as ATM, "Letter published correctley to DMM subject" as DMM, "Letter rejected due to: DOUBLE_KEY" as Reject, "Letter rejected due to: UNVALID_LOG" as Rej_log, "Letter rejected due to: UNVALID_DATA_APP" as Rej_app
|table Income Rej_app ATM DMM Reject Rej_log Rej_app Sample logs: 2024-01-24 11:21:55,123 [app-product-network-thread | payments_acoount_history_app_hjutr_12nj567fghj5667_product] INFO STREAM_APPLICATION -
Timestamp:2024-01-24 11:21:55,123
Initial message received with below details:
Application:Login
Code name: payments_acoount_history_app_hjutr_12nj567fghj5667_product
Code offset: -12
Code partition: 4 2024-01-24 11:21:55,123 [app-product-network-thread | payments_acoount_history_app_hjutr_12nj567fghj5667_product] INFO STREAM_APPLICATION -
Timestamp:2024-01-24 11:21:55,123
Letter published correctley to ATM subject:
Application:Success
Code name: payments_acoount_history_app_hjutr_12nj567fghj5667_product
Code offset: -1
Code partition: 10 2024-01-24 11:21:55,123 [app-product-network-thread | payments_acoount_history_app_hjutr_12nj567fghj5667_product] INFO STREAM_APPLICATION -
Timestamp:2024-01-24 11:21:55,123
Letter published correctley to DMM subject:
Application:normal-state
Code name: payments_acoount_history_app_hjutr_12nj567fghj5667_product
Code offset: -1
Code partition: 6 2024-01-24 11:21:55,123 [app-product-network-thread | payments_acoount_history_app_hjutr_12nj567fghj5667_product] INFO STREAM_APPLICATION -
Timestamp:2024-01-24 11:21:55,123
Letter rejected due to: DOUBLE_KEY:
Application:error-state
Code name: payments_acoount_history_app_hjutr_12nj567fghj5667_product
Code offset: -1
Code partition: 4 2024-01-24 11:21:55,123 [app-product-network-thread | payments_acoount_history_app_hjutr_12nj567fghj5667_product] INFO STREAM_APPLICATION -
Timestamp:2024-01-24 11:21:55,123
Letter rejected due to: UNVALID_LOG:
Application:Debug
Code name: payments_acoount_history_app_hjutr_12nj567fghj5667_product
Code offset: -18
Code partition: 2 2024-01-24 11:21:55,123 [app-product-network-thread | payments_acoount_history_app_hjutr_12nj567fghj5667_product] INFO STREAM_APPLICATION -
Timestamp:2024-01-24 11:21:55,123
Letter rejected due to: UNVALID_DATA_APP:
Application:logout
Code name: payments_acoount_history_app_hjutr_12nj567fghj5667_product
Code offset: -4
Code partition: 0