Hello all,
I am trying to evaluate my process using two consecutive events and know whether my process succeeded or failed. My log is set up as below:
1. When process is started, I get - #Timestamp# Started MyProcess
2. When process is completed successfully, I get - #Timestamp# Completed MyProcess
3. If it fails, I get - #Timestamp# Terminated MyProcess
The process usually takes a minute or so. I would like to query and find out whether the process has succeeded or failed and also, how long it took. For the immediate (my process runs many times in a day and so I need to compare only the immediate/ consecutive entries) combination of Started and Completed, the status should be success, whereas for Started and Terminated, the status should be Failed.
My base query is like:
index=myIndex sourcetype = applogs "Started MyProcess " Or "Completed MyProcess" Or "Terminated MyProcess"
Any help would be highly appreciated! Thanks much!
Cheers!
PS
... View more