Hi all,
I have a log file that briefly logs file in this pattern.
For example:
Available 12-01-2014 03:03:44
So if there is no change in the status, the timestamp gets updated every minute (it doesn't create a new line).
The previous sample might be changed to the following.
For example:
Available 12-01-2014 03:04:44
If there is a change in the status, a new line will be created (and if no change in status, only the timestamp gets updated).
For example:
Available 12-01-2014 03:04:44
Unavailable 12-01-2014 03:04:50
I am able to create dashboards for logs that append new lines at the end of the file; however, I'm unable to monitor the above-mentioned logs that do not append new lines but instead update the existing line.
My search string is as follows (it works for logs that append new lines):
index="index_name" | stats latest(status), latest(availability_date), latest(availability_time)
The dashboard always shows the latest line at first (which is what I want); however, when the dashboard gets updated again, it will automatically show the earliest result in the log file instead.
Anybody able to help?