Hi,
I would want to know the current event and the after event of that particular current event.
1.First i would want to search for a particular number sequence 12345.
2.Then find the event that occurs right after it.
3.I want the result to have both the events.
4.index,source and sourcetype for both the events are same.
Example:
In the below set of data,
Srvcs.APIController - Start - [12345]
Srvcs.evntcontroller - service not found
Srvcs.APIController - attempting
Srvcs.APIController - Start - [12345]
Srvcs.errcontroller - invalid call
Srvcs.APIController - attempting
Result i want is
Srvcs.APIController - Start - [12345]
Srvcs.evntcontroller - service not found
And for the second set
Srvcs.APIController - Start - [12345]
Srvcs.errcontroller - invalid call
Kindly help me with this
↧