Thanks for the reply. Here is the trail of what I am doing:
host=uat-server source=/var/log/elapp/api/worker.log error (within time duration last 24 hours)
This gives out a large number of repeated error logs like below:
[2018-08-09 06:49:49,653: ERROR/30541] ES Request Error: [code=ed142], [orig_status=404]
[2018-08-09 06:48:46,445: ERROR/13572] ES Request Error: [code=40d08], [orig_status=404]
[2018-08-09 06:04:57,109: ERROR/4706] [2dfb2838-7ac4-4b74-abb9-b63e9cce28d2] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 04:00:42,561: ERROR/4874] [a81f570e-61d9-4441-a46d-32dbbba5ceea] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 01:52:50,736: ERROR/4863] [1d783dda-688b-451a-82a0-9c97b9e27eb8] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 07:28:45,978: ERROR/4847] [20c9e539-745a-42bd-900f-b1233f680c42] raised unexpected: AutoReconnect([Errno 104] Connection reset by peer)
But just to find out if there is any new error, I had to repeatedly search by adding the keyword with AND NOT every time, just to check if there is any other error that I have missed to check and report. The following is my full query when I finally arrive at no more errors to search:
host=uat-server source=/var/log/elapp/api/worker.log error AND NOT "ES Request Error" AND NOT AttributeError AND NOT "Historical/Future Index found" AND NOT AutoReconnect AND NOT "Retrying connecting ES"
So if there was a Splunk query that can give me all the distinct error logs (because they are all the same, just the timestamp is different), I wouldn't have to go on and on building up my search query with AND NOT, because every error has its own further course of action, so it's important to get all the errors.
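An added example, not part of the original post and not a Splunk query: the grouping the post asks for, written in Python, which masks the timestamp, process id, task UUID and request code so that repeated errors collapse into one signature each. The sample lines are copied from the post; the function names and the `known` baseline set are assumptions made for illustration.

```python
import re

# Sample input: the worker.log lines quoted in the post above.
SAMPLE = """\
[2018-08-09 06:49:49,653: ERROR/30541] ES Request Error: [code=ed142], [orig_status=404]
[2018-08-09 06:48:46,445: ERROR/13572] ES Request Error: [code=40d08], [orig_status=404]
[2018-08-09 06:04:57,109: ERROR/4706] [2dfb2838-7ac4-4b74-abb9-b63e9cce28d2] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 04:00:42,561: ERROR/4874] [a81f570e-61d9-4441-a46d-32dbbba5ceea] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 01:52:50,736: ERROR/4863] [1d783dda-688b-451a-82a0-9c97b9e27eb8] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 07:28:45,978: ERROR/4847] [20c9e539-745a-42bd-900f-b1233f680c42] raised unexpected: AutoReconnect([Errno 104] Connection reset by peer)
"""

# "[<timestamp>: <LEVEL>/<pid>] <message>" prefix seen on every sample line.
PREFIX = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}): "
    r"(?P<level>[A-Z]+)/(?P<pid>\d+)\]\s*(?P<msg>.*)$"
)
# Per-event values that make otherwise identical errors look different.
MASKS = [
    (re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"), "<uuid>"),
    (re.compile(r"code=[0-9a-f]+"), "code=<id>"),
]

def signature(line):
    """Return (timestamp, level, masked message), or None if the line does not parse."""
    m = PREFIX.match(line.strip())
    if m is None:
        return None
    msg = m.group("msg")
    for pattern, placeholder in MASKS:
        msg = pattern.sub(placeholder, msg)
    return m.group("ts"), m.group("level"), msg

def distinct_errors(lines, level="ERROR"):
    """Group lines by signature; keep count plus first and last timestamp."""
    groups = {}
    for line in lines:
        parsed = signature(line)
        if parsed is None or parsed[1] != level:
            continue
        ts, _, sig = parsed
        g = groups.setdefault(sig, {"count": 0, "first": ts, "last": ts})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], ts), max(g["last"], ts)
    return groups

def unseen(groups, known):
    """Signatures not in the already-triaged set, replacing the AND NOT chain."""
    return sorted(sig for sig in groups if sig not in known)

if __name__ == "__main__":
    for sig, g in distinct_errors(SAMPLE.splitlines()).items():
        print(g["count"], g["first"], g["last"], sig)
```
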