I have a log file with repeating patterns looking like this. Notice there are only 3 distinct field names and pay attention to the 4th, 5th and 6th lines:
Time1 field1: value1
Time2 field2: value2
Time3 field3: value3
Time4 field2: value4
Time5 field1: value5
Time6 field3: value6
Time7 field1: value7
Time8 field2: value8
Time9 field3: value9
So I have one interesting piece of information per line and I would like to group these events together into a single event (probably requires usage of transactions). The result should look like this (pay attention to the 2nd line):
Time1 => Time3 - field1: value1, field2: value2, field3: value3
Time4 => Time6 - field1: value5, field2: value4, field3: value6
Time7 => Time9 - field1: value7, field2: value8, field3: value9
Unfortunately, as you can see, the order in which these fields are coming is more or less random. I can only rely on these rules, binding the lines together:
* "field3" always closes a transaction
* "field1" and "field2" have relatively close timestamps (5 minutes at most between them)
I've tried many combinations of "transaction", "filldown" and "sort" functions, but I'm unable to get the expected result.
Could somebody help me?
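
The two grouping rules stated in the post, prototyped in Python as an added example (not part of the original post, and not SPL): lines are buffered until `field3` arrives, and a group is marked incomplete when a field is missing or `field1` and `field2` are more than 5 minutes apart. The ISO timestamp format, the sample values and the function names are assumptions.

```python
from datetime import datetime, timedelta

CLOSER = "field3"               # rule 1: field3 always closes a transaction
MAX_GAP = timedelta(minutes=5)  # rule 2: field1 and field2 at most 5 minutes apart
EXPECTED = {"field1", "field2", "field3"}

# Constructed sample in the post's shape; the ISO timestamps are an assumption.
SAMPLE = """\
2024-01-01T10:00:00 field1: value1
2024-01-01T10:01:00 field2: value2
2024-01-01T10:09:00 field3: value3
2024-01-01T10:20:00 field2: value4
2024-01-01T10:22:00 field1: value5
2024-01-01T10:30:00 field3: value6
"""

def parse(line):
    ts, rest = line.split(" ", 1)
    name, value = rest.split(": ", 1)
    return datetime.fromisoformat(ts), name, value.strip()

def finish(events):
    """Collapse buffered (time, name, value) tuples into one transaction."""
    times = {name: ts for ts, name, _ in events}
    ok = set(times) == EXPECTED and abs(times["field1"] - times["field2"]) <= MAX_GAP
    return {"start": events[0][0], "end": events[-1][0], "complete": ok,
            "fields": {name: value for _, name, value in events}}

def group(text):
    out, buf = [], []
    for line in filter(str.strip, text.splitlines()):
        event = parse(line)
        # Repeated field name: the previous closer was lost, so flush as incomplete.
        if any(event[1] == name for _, name, _ in buf):
            out.append(finish(buf))
            buf = []
        buf.append(event)
        if event[1] == CLOSER:
            out.append(finish(buf))
            buf = []
    return out + ([finish(buf)] if buf else [])  # trailing events, no closer yet

def render(tx):
    body = ", ".join(f"{k}: {v}" for k, v in sorted(tx["fields"].items()))
    flag = "" if tx["complete"] else "  [incomplete]"
    return f"{tx['start']:%H:%M:%S} => {tx['end']:%H:%M:%S} - {body}{flag}"

if __name__ == "__main__":
    print("\n".join(render(tx) for tx in group(SAMPLE)))
```

Flagging incomplete groups instead of silently merging them keeps a dropped `field3` line visible in the output rather than letting two transactions fuse into one.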