I have a log with an extractor where I get: name of job, args, and status (start, end) on each line.
I would like to query for a period all jobs where “status is running” (status start and not end), but I don’t know how I may do that (pipeline, extractor, counter?)
Do you have an idea?
Did you extract (by extractor or pipeline) that information out of your log line? To make such a request you would need that information in a single field to query that.
I extracted data with a regex extractor (I have never used a pipeline so far).
I have 1 field cycle (Start or End), one other field with job name, another with args, etc…
What fields then did you have in your message? Without knowing that it is hard to give help with a query…
Your query should be something like:
HR_query_CYCLE:Start AND NOT (HR_query_CYCLE:End OR HR_query_CYCLE:"Anormly End")
The documentation on how to search might help you: http://docs.graylog.org/en/2.2/pages/queries.html
Suppose I have the following log:
01:00 CDELMT = Job1; CYCLE = Start
01:15 CDELMT = Job1; CYCLE = End
01:40 CDELMT = Job1; CYCLE = Start
I run the query at 01:50
The result I want is to show only Job1 started at 01:40, because the job started at 01:00 ended at 01:15.
If I execute your query, it will show the starts at 01:00 and 01:40, no?
Thanks, I know where the time zone search is.
Problem is I need to get 1 result (01:40) and not 2 (01:00 and 01:40) with this query.
Without a plugin I can’t imagine how to get that currently.
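The pairing asked for above needs state per job, which a single field query cannot keep. The following is an added example, not part of the thread and not Graylog code: it pairs Start and End events over messages exported as text in the thread's line format. It assumes `HH:MM` timestamps within one day, at most one running instance per job name, and hypothetical names `running_jobs` and `SAMPLE_LOG`.

```python
import re
from datetime import datetime

# Constructed sample in the thread's line format (not real data).
SAMPLE_LOG = """\
01:00 CDELMT = Job1; CYCLE = Start
01:15 CDELMT = Job1; CYCLE = End
01:20 CDELMT = Job2; CYCLE = Start
01:30 CDELMT = Job2; CYCLE = Anormly End
01:40 CDELMT = Job1; CYCLE = Start
01:45 CDELMT = Job3; CYCLE = Start
02:00 CDELMT = Job3; CYCLE = End
"""

LINE_RE = re.compile(
    r"^(\d{2}:\d{2})\s+CDELMT\s*=\s*([^;]+?)\s*;\s*CYCLE\s*=\s*(.+?)\s*$"
)
END_STATES = {"End", "Anormly End"}  # values as spelled in the thread's query


def running_jobs(log_text, query_time):
    """Return {job: start time} for jobs whose latest event at or before
    query_time is a Start that has not been closed by an end state."""
    cutoff = datetime.strptime(query_time, "%H:%M").time()
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a job-cycle line
        ts = datetime.strptime(m.group(1), "%H:%M").time()
        if ts <= cutoff:
            events.append((ts, m.group(2), m.group(3)))

    open_jobs = {}
    # Replay events in time order; the sort is stable for equal timestamps.
    for ts, job, cycle in sorted(events, key=lambda e: e[0]):
        if cycle == "Start":
            open_jobs[job] = ts.strftime("%H:%M")  # latest Start wins
        elif cycle in END_STATES:
            open_jobs.pop(job, None)  # an End with no open Start is ignored
    return open_jobs


if __name__ == "__main__":
    print(running_jobs(SAMPLE_LOG, "01:50"))
```

For the three lines quoted in the thread and a query time of 01:50, this returns only the 01:40 start of Job1.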