Hi,
I'm trying to filter on the logs of spring boot application.
I want to calculate the time that a POST request takes.
The search query im trying is
**index="xyz" correlationid="1234"| stats values(correlationid) min(_time) AS start max(_time) AS end | eval duration=end-start**
Here, i manually search for the events which are POST requests, then i get the correlation id of that request, and then i use it in the query.
The reason why im directly not using the string "POST" is that there are other logs too that get generated after a POST request is made till the POST returns status as successful. SO i have to consider all those events. Is there a way where in i can search the correlation id from all the events and then use the obtained correlation id to fetch all the events with that correlation id.
Example of logs
10.30 2019 | 1234 | POST /data
10.31 2019 | 1234 | data verified
10.32 2019 | 1234 | successfully posted data
I need the duration 10.32-10.30=0.02
↧