I have connection logs for a database. I need to identify users making certain queries. I'd like to:
1. Search for a string identifying the query
2. Check that whole transaction for the original "open connection" event to get the IP address
3. The IP address is a load balancer, so I have to check that IP/port in the load balancer logs to get the actual user IP address
How do I string these searches together to get a list of user IP addresses doing a particular query? I suspect the "transaction" command is key here, but I haven't found a clue in the examples.
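The three-step correlation described in the question, written out in Python as an added example that is not part of the original post. The log formats, field names (`conn`, `from`, `client`, `snat`) and sample lines are constructed assumptions; the time-window check is included because load balancer source ports get reused over time.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs; formats and field names are assumptions, not from the post.
DB_LOG = """\
2024-05-01T10:00:01 conn=101 open from=10.0.0.5:40112
2024-05-01T10:00:02 conn=101 query="SELECT * FROM payroll"
2024-05-01T10:05:00 conn=102 open from=10.0.0.5:40113
2024-05-01T10:05:01 conn=102 query="SELECT 1"
2024-05-01T11:00:00 conn=103 open from=10.0.0.5:40112
2024-05-01T11:00:03 conn=103 query="SELECT name FROM payroll"
"""
LB_LOG = """\
2024-05-01T10:00:01 client=203.0.113.7:51544 snat=10.0.0.5:40112
2024-05-01T10:05:00 client=198.51.100.9:40000 snat=10.0.0.5:40113
2024-05-01T11:00:00 client=192.0.2.44:61000 snat=10.0.0.5:40112
"""

def parse(log, pattern):
    """Yield (timestamp, regex match) for each log line matching pattern."""
    for line in log.splitlines():
        ts, _, rest = line.partition(" ")
        m = re.search(pattern, rest)
        if m:
            yield datetime.fromisoformat(ts), m

def users_running(needle, db_log=DB_LOG, lb_log=LB_LOG, skew=timedelta(seconds=5)):
    """Return sorted client IPs whose DB connection ran a query containing needle."""
    # Step 2 data: connection id -> (open time, LB ip:port as seen by the database)
    opens = {m[1]: (ts, m[2])
             for ts, m in parse(db_log, r"conn=(\d+) open from=(\S+)")}
    # Step 3 data: LB-side ip:port -> list of (time, real client IP)
    lb = {}
    for ts, m in parse(lb_log, r"client=([\d.]+):\d+ snat=(\S+)"):
        lb.setdefault(m[2], []).append((ts, m[1]))
    clients = set()
    # Step 1: find query events, then walk back through steps 2 and 3
    for _, m in parse(db_log, r'conn=(\d+) query="(.*)"'):
        if needle not in m[2] or m[1] not in opens:
            continue
        opened, lb_addr = opens[m[1]]
        # The same LB ip:port recurs over time, so only accept an LB entry
        # logged within `skew` of the database's "open connection" event.
        clients.update(ip for lb_ts, ip in lb.get(lb_addr, [])
                       if abs(lb_ts - opened) <= skew)
    return sorted(clients)

if __name__ == "__main__":
    print(users_running("payroll"))
```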