Hi guys,
Currently we are doing a search across our unicorn error logs, basically excluding a bunch of garbage that we don't want to be alerted on. After this search is run, however, we want to also omit certain full transactions as well (if possible). I tried to do a join, then a new search with NOT, then transaction, but that doesn't seem to be working. Do you know of any ways where we could omit full transactions after doing an initial search?:
index=storefront-unicorn source="/var/log/ruby_storefront/unicorn-err.log" NOT ("failed to fetch street" OR "NoMethodError - undefined method `[]' for nil:NilClass:") AND NOT ("spawned pid" OR "spawning..." OR "timeout (61s > 60s), killing" OR "worker=* ready" OR "ERROR -- : reaped # worker=*") AND NOT ("[BUG] Segmentation fault" OR "CFUNC") AND NOT ("warning: regexp match /.../n against to UTF-8 string" OR "invalid ObjectId [personalization]" OR "/home/deploy/.rvm/gems/ruby-2.0.0-p247/gems/rtr_ruby_http-0.4.85/lib/rtr/sinatra/helpers/showroom_helper.rb:24:in `merge'" OR "rentalStartDate cannot be null" OR "{\"code\":400,\"message\":\"exceptions.InvalidZipCodeException: destinationZip" OR "NoMethodError - undefined method `user_id' for nil:NilClass:" OR "Encoding::CompatibilityError - incompatible character encodings: UTF-8 and ASCII-8BIT:" OR "TypeError - no implicit conversion of nil into String:" OR "TypeError - no implicit conversion of nil into String:") | join type=left NOT [search index=storefront-unicorn source="/var/log/rtr/rtr_ruby_storefront/unicorn-err.log" | transaction startswith="CFUNC" endswith="/home/deploy/.rvm/gems/ruby-2.0.0-p247/gems/multi_xml-0.5.5/lib/multi_xml/parsers"
↧