Hi all,

We have a system which always logs two lines, Eg:

1) Operation | Status | Time
2) Operation | Type

I want a search which would return all the second lines, where the first line Status is Failed.

Eg. If I have these four logs, I want a search which returns only the 4th line (because the status of the operation is fail)

GET | SUCCESS | 100ms
GET | type1
GET | FAIL | 1000ms
GET | type1

Any ideas on how I can achieve this? Thanks a lot!
I'd extract the "type1" value as a field and then create a transaction.
Alternatively if you have some kind of unique identifier that connects the two, using a subsearch is more efficient. Say your log looks more like this:
Then you could extract the identifier (let's call the field "id") and the type1 value ("type") and do:
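The correlation logic behind the two suggestions above, as an added Python example that is not part of the original answer: pairing lines by position works only while the two lines of an operation stay adjacent, whereas selecting by identifier still returns the right line when concurrent operations interleave. The `id` column, the sample logs and the function names are assumptions constructed here; the page does not show the log format with an identifier.

```python
import re

# Constructed samples. The "id" column (a1, b2) is an assumption, not the page's format.
SEQUENTIAL = """\
GET | a1 | SUCCESS | 100ms
GET | a1 | type1
GET | b2 | FAIL | 1000ms
GET | b2 | type1
"""
# Same kind of events, but two concurrent operations interleave their lines.
INTERLEAVED = """\
GET | a1 | SUCCESS | 100ms
GET | b2 | FAIL | 1000ms
GET | a1 | type1
GET | b2 | type2
"""

STATUS_RE = re.compile(r"^(\w+) \| (\w+) \| (SUCCESS|FAIL) \| (\d+ms)$")
TYPE_RE = re.compile(r"^(\w+) \| (\w+) \| (\w+)$")


def failed_by_position(text):
    """Pair each status line with the line directly after it (adjacency-based grouping)."""
    lines = text.splitlines()
    hits = []
    for first, second in zip(lines, lines[1:]):
        m = STATUS_RE.match(first)
        # Only a type line can complete the pair; a following status line is skipped.
        if m and m.group(3) == "FAIL" and TYPE_RE.match(second):
            hits.append(second)
    return hits


def failed_by_id(text):
    """Two passes: collect ids of failed operations, then select type lines by id."""
    lines = text.splitlines()
    failed_ids = set()
    for line in lines:
        m = STATUS_RE.match(line)
        if m and m.group(3) == "FAIL":
            failed_ids.add(m.group(2))
    # Second pass plays the role of the outer search filtered by the inner result.
    return [line for line in lines if (m := TYPE_RE.match(line)) and m.group(2) in failed_ids]


if __name__ == "__main__":
    print("by position:", failed_by_position(INTERLEAVED))  # picks the wrong operation's line
    print("by id:      ", failed_by_id(INTERLEAVED))
```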