0

Graylog newbie here. I was wondering how I could check the flow of messages between dependent services in logs in Graylog. I'll give a small instance to make myself clear. Let's say there are 4 services: A, B, C and D. How do I find or trace this flow in Graylog?

A->B->C->D->A->C(crash).

Any answer would be appreciated as I am struggling to find answers for this. Thanks!

1 Answer

0

In order to tie these messages together, you need some sort of a key value. Some element that is present in all four log sources that lets you know they are related.

It could be a hostname, or an IP. Anything common between the four will do.

If you don’t have a key value, you will have to write a query that includes all four sources.

Something like “source:A OR B OR C OR D”. Then use timestamps to establish the sequence you are looking for.

Blackbox
  • Thanks for the answer. Is there anything I could do to add the traceId from the message as the common attribute? – Aahlad Kethineedi Aug 07 '22 at 16:38
  • The traceID from which message? You can add a field and value to any message. However, knowing which messages go with that traceid would be challenging. – Blackbox Aug 08 '22 at 17:21
  • Sorry for the late reply but that is exactly what I am looking for, how do I trace an error occurred in one of the services I am using? – Aahlad Kethineedi Sep 26 '22 at 16:01
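
The key-value approach from the answer, as an added example that is not part of the original post: messages from all four sources are grouped by a shared field and ordered by timestamp to recover the call path and the hop that led into the crash. The `trace_id` field name, the helper names and the sample messages are assumptions constructed for illustration; `source`, `timestamp` and `message` are standard Graylog message fields.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: messages as they might look after exporting a search
# over all four sources, in arbitrary order. `trace_id` is an assumed custom
# field that every service would have to log with each request.
MESSAGES = [
    {"timestamp": "2022-08-07T16:00:00.230Z", "source": "C", "trace_id": "t-1", "message": "call D"},
    {"timestamp": "2022-08-07T16:00:00.010Z", "source": "A", "trace_id": "t-1", "message": "request received"},
    {"timestamp": "2022-08-07T16:00:00.560Z", "source": "C", "trace_id": "t-1", "message": "crash: unhandled exception"},
    {"timestamp": "2022-08-07T16:00:00.050Z", "source": "A", "trace_id": "t-2", "message": "request received"},
    {"timestamp": "2022-08-07T16:00:00.120Z", "source": "B", "trace_id": "t-1", "message": "call C"},
    {"timestamp": "2022-08-07T16:00:00.300Z", "source": "D", "message": "healthcheck ok"},
    {"timestamp": "2022-08-07T16:00:00.450Z", "source": "A", "trace_id": "t-1", "message": "call C"},
    {"timestamp": "2022-08-07T16:00:00.200Z", "source": "B", "trace_id": "t-2", "message": "done"},
    {"timestamp": "2022-08-07T16:00:00.340Z", "source": "D", "trace_id": "t-1", "message": "call A"},
]

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def flows_by_key(messages, key="trace_id"):
    """Group messages by the shared key; order each group by timestamp."""
    groups = defaultdict(list)
    for msg in messages:
        groups[msg.get(key)].append(msg)  # None collects messages lacking the key
    return {k: sorted(v, key=lambda m: parse_ts(m["timestamp"])) for k, v in groups.items()}

def path(flow):
    """Render one ordered flow as 'A->B->...'."""
    return "->".join(m["source"] for m in flow)

def hop_into(flow, marker="crash"):
    """Return (previous source, failing source) for the first matching message."""
    for i, msg in enumerate(flow):
        if marker in msg["message"].lower():
            return (flow[i - 1]["source"] if i > 0 else None, msg["source"])
    return None

if __name__ == "__main__":
    for trace, flow in flows_by_key(MESSAGES).items():
        print(trace, path(flow), hop_into(flow))
```

Messages without the key land in the `None` group, which is the case the answer describes where only timestamps are left to establish the sequence.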