Hi,
We have a log which has some key-value pairs, and one of the keys is instance, which has values like 0, 1, 2.
Whenever there is an issue, the application log displays instance 0 crashed, instance 0 STARTED, instance 1 STOPPED.
I am trying to display this in a scatter chart, with time on the x-axis and status like UPDATE, CRASHED, STARTED or STOPPED on the y-axis.
Here is the search I am trying with a table, but how can we show them in a scatter chart?
When I try to display in a table with the search below, the last column, newmsg, always displays UPDATE for all.
index=myindex messtype=* ori=* orgname=* env=PROD (appname=demo-prod OR appname=demo-prod OR appname=demo-PROD2) | eval newmsg="UPDATE" | rex field=msg "(?<newmsg>CRASHED|STARTED|STOPPED)" | table appname, time, source_instance, newmsg | sort appname, time, source_instance, newmsg
Here is the sample log:
<6>2017-01-01T05:59:42Z 2ejoqs8tf0q doppler[20]: {"appid":"beaffaf8-28d8-4d2b-959b-c71a7547283f","appname":"demo-prod",
"ignoredapp":false,"orgid":"55c398bc-86d0-4443-ad97-1711fe264638","orgname":"LATAM-MX-DIGITAL","cf_origin":"firehose",
"space_id":"51e0484a-d642-4f37-b979-d40336913f8f","env":"CC-PORTAL-UAT3","deployment":"cf","event_type":"LogMessage",
"ip":"168.72.205.40","job":"cloud_controller-partition-a2833c853cfafee70104","job_index":"2","level":"info","messtype":"OUT",
"msg":"App instance exited with guid beaffaf8-28d8-4d2b-959b-c71a7547283f payload: {\"instance\"=\u003e\"d0bfa02d-43d8-439c-7d4b-d29cb9e13835\",
\"index\"=\u003e0, \"reason\"=\u003e\"CRASHED\", \"exit_description\"=\u003e\"2 error(s) occurred:\n\n* 2 error(s) occurred:\n\n* Codependent
step exited\n* cancelled\n* cancelled\", \"crash_count\"=\u003e134, \"crash_timestamp\"=\u003e1483250382557858527,
\"version\"=\u003e\"7e7e8a62-a249-4608-a69b-d55daf3947c6\"}","origin":"cloud_controller","source_instance":"2","source_type":"API",
"time":"2017-01-01T05:59:42Z","timestamp":1483250382577570779}