Thanks for the reply. Here is the trail of what I am doing:
host=uat-server source=/var/log/elapp/api/worker.log error (within time duration last 24 hours)
This gives out a large number of repeated error logs like below:
[2018-08-09 06:49:49,653: ERROR/30541] ES Request Error: [code=ed142], [orig_status=404]
[2018-08-09 06:48:46,445: ERROR/13572] ES Request Error: [code=40d08], [orig_status=404]
[2018-08-09 06:04:57,109: ERROR/4706] [2dfb2838-7ac4-4b74-abb9-b63e9cce28d2] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 04:00:42,561: ERROR/4874] [a81f570e-61d9-4441-a46d-32dbbba5ceea] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 01:52:50,736: ERROR/4863] [1d783dda-688b-451a-82a0-9c97b9e27eb8] raised unexpected: AttributeError("'NoneType' object has no attribute 'get'",)
[2018-08-09 07:28:45,978: ERROR/4847] [20c9e539-745a-42bd-900f-b1233f680c42] raised unexpected: AutoReconnect([Errno 104] Connection reset by peer)
But just to find out whether there is any new error, I had to search repeatedly, adding a keyword with AND NOT every time, to check whether there is any other error that I have missed checking and reporting. The following is my full query when I finally arrive at no more errors to search:
host=uat-server source=/var/log/elapp/api/worker.log error AND NOT "ES Request Error" AND NOT AttributeError AND NOT "Historical/Future Index found" AND NOT AutoReconnect AND NOT "Retrying connecting ES"
So if there was a Splunk query that can give me all the distinct error logs (because they are all the same, just the timestamp is different) and I don't have to go on and on to build up my search query with AND NOT, because every error has its own further course of action, so it's important to get all the errors.
I am getting many errors when I search a single log file with just the keyword error, like Retrying connecting ES, AutoReconnect, AttributeError, etc.
I want to take out the distinct errors, and every time I have to go and write all the errors in the search bar with the "AND NOT" keyword just to figure out whether a new error has come up apart from those listed above. Is there a way to just output these distinct errors, like a select distinct query in SQL?
I tried out different queries from other threads on this forum, like transaction, dedup, etc., but none of them seemed to work.