Dor Rotman
Reputation: 1551
ELK: Merge multiple events into one
My system logs requests.
If and when a response arrives, I want to have it logged with the request object.
Meaning, when I query ElasticSearch for activity, I'll get a row for each request, either containing a response or not. This is similar to an SQL LEFT OUTER JOIN.
I am open to solutions everywhere along the Logstash-ElasticSearch pipeline. However, since this is time-series data, aggregation buckets are not a possible solution since they prevent paging.
Thanks.
Upvotes: 1
Views: 1232
Answers (1)
Asaf Yigal
Reputation: 104
Your best bet would be to store the request with the response every time you log them. You can also have scripted queries in Elasticsearch - complicated solution but can work.
Upvotes: 1
Related Questions
- ELK - Duplicate log
- Logstash [aggregate filter] to pass data between events
- Processing multiple logs from the same machine using ELK
- How to merge two ElasticSearch documents for Kibana
- Aggregation in Logstash-ElasticSearch
- Combining log entries with logstash
- Logstash: Merge two logs into one output document
- Logstash to output events in Elasticsearch bulk API data format
- Combine logs and query in ELK
- How to aggregate same events in logstash into one new event