I have a logs like this
- {"api":"/someapi1","user_ip":"0.0.0.0"}
- {"api":"/someapi2","user_ip":"0.0.0.0"}
- {"api":"/someapi3","user_ip":"0.0.0.0"}
- {"api":"/someapi1","user_ip":"1.1.1.1"}
- {"api":"/someapi2","user_ip":"1.1.1.1"}
- {"api":"/someapi1","user_ip":"2.2.2.2"}
and I want result like this
"api":"/someapi1","user_ip":"0.0.0.0"
"api":"/someapi1","user_ip":"1.1.1.1"
"api":"/someapi1","user_ip":"2.2.2.2"
basically I want to do get the first api call been made by a particular user_ip
whatever I have achieved so far is
fields @timestamp,user_ip
| filter @logStream="fargate/dazn-picks-svc/0dba2605473d45d09d1e8ae00aa52105"
AND ispresent(user_ip) AND isPresent(`private.dazn-picks-svc.api`)
| display @message ,`private.dazn-picks-svc.api`,user_ip
by this we can get all api request by that particular ip
