
I got a different use case from my client, in which I need to identify a set of log data that was recorded in sequence at any line in the log file, and they want to view the identified sequence in Kibana along with its related count. I am wondering whether it is possible to achieve this in a Logstash filter or in a Kibana query.

Below is my log file.

For example, I have to get the count of the sequences below appearing anywhere in the log file.

1. LS=Select    
LS=Symmetry      
LS=Select     
LS=Select     
LS=Mirror     
LS=Select      

2. LS=Select     
LS=Modify     
LS=* (which can be anything)    
LS=Select      
LS <> Select (This needs to be a command)  

Please advise whether it's possible to achieve.

Mangoski
  • Since Logstash works on the format one line = one event, and since events are not aware of other events, I'd say Logstash is the wrong tool for what you want to do. – baudsp Feb 16 '18 at 10:24
  • @baudsp. Thank you so much for your response, but is there any way we can achieve it in an Elasticsearch query or in Kibana search? – Mangoski Feb 16 '18 at 15:52
  • In Kibana, I don't think it's possible (but my experience is in Kibana 4.0, so it might be possible in more recent versions). As for Elasticsearch, I don't know (I never really understood how the queries work). – baudsp Feb 16 '18 at 16:46

0 Answers