I commonly need to find patterns within relation to a certain event. For instance I want to view all error logs after a code deploy, or I have a bug that causes a server crash and I want to look at the 30 minutes worth of logs before the crash.
In other tools I've used (Graphite, and New Relic) you can send special events for a code deploy and then those will be displayed in the graphs as a vertical line.
This feature in graphite is similar to what I want: graphite.readthedocs.io/en/latest/events.html
I tried using append with two queries:
This query finds the application startup: host="server-01.internal" WFLYSRV0025
This query finds shows me everything I'm looking for host="server-01.internal" ERROR
This was what I tried in append:
host="server-01.internal" WFLYSRV0025 | append [search host="server-01.internal" ERROR]
However I can't differentiate between the regular search results and the event I want to highlight.
I've tried quite a few things and can't seem to figure out how to show the events I'm looking for?
... View more
