Hi team, I am creating a query to fetch a unique id from different events which are having different statuses. If two log events are having same unique id and with status="START" & status="END"...
See more...
Hi team, I am creating a query to fetch a unique id from different events which are having different statuses. If two log events are having same unique id and with status="START" & status="END" then that application has completed 1 success iteration or else it should be error. I created one query can't understand how to compare the 'correlationId' from different events. Can anyone please help with the query to compare the 'correlationId' from different events along with below query. >> index="dev" | rex "\"Status\\\\\"\s:\s\\\\\"(?<Status>[^\\\]+)" | stats count by applicationName,Status|where Status in("START","END") Below are the logs for 'Start' & 'End' events. log: [2021-09-01 04:14:10.216] INFO api [[PythonRuntime].uber.12772: [tyt-autoencoding-dev].get-terms-from-oc/processors/1.ps.BLOCKING @f089563] [event: 80961137-6734-4f7f-8750-3d27cdf2a4eb]: { "correlationId" : "80961137-6734-4f7f-8750-3d27cdf2a4eb", "Status" : "START", "priority" : "INFO", "category" : "com.tayota.api", "elapsed" : 0, "timestamp" : "2021-09-01T04:14:10.215Z", "applicationName" : "Toyato Encoding API", "applicationVersion" : "v1", "environment" : "Development", } log: [2021-09-01 04:14:10.216] INFO api [[PythonRuntime].uber.12772: [tyt-autoencoding-dev].get-terms-from-oc/processors/1.ps.BLOCKING @f089563] [event: 80961137-6734-4f7f-8750-3d27cdf2a4eb]: { "correlationId" : "80961137-6734-4f7f-8750-3d27cdf2a4eb", "Status" : "END", "priority" : "INFO", "category" : "com.tayota.api", "elapsed" : 0, "timestamp" : "2021-09-01T04:14:10.215Z", "applicationName" : "Toyato Encoding API", "applicationVersion" : "v1", "environment" : "Development", } Thanks in advance.