
How to combine additional events to an existing Transaction?

Hello,

I am trying to organize various types of events into single events. Currently I have a transaction set up to capture particular types of ERRORS in our system logs. But there's additional information outside of the transaction that I want to associate with a respective transaction. To put it plainly, the layout would produce resultant events that look like this:

SET_RANGE1
SET_RANGE2
SET_RANGE3
TRANSACTION1
SET_RANGE4
TRANSACTION2
TRANSACTION3
TRANSACTION4
SET_RANGE5
SET_RANGE6
SET_RANGE7
TRANSACTION5
SET_RANGE8

But I want to group and associate the Transaction to the previous SET_RANGE, like this:

Event1 --> SET_RANGE3 , TRANSACTION1
Event2 --> SET_RANGE4 , TRANSACTION2
Event3 --> SET_RANGE4 , TRANSACTION3
Event4 --> SET_RANGE4 , TRANSACTION4
Event5 --> SET_RANGE7 , TRANSACTION5

As you can see, some SET_RANGE events are not needed. Most of the time, there is one SET_RANGE event that happens prior to the given Transaction Event. However, sometimes there are multiple Transaction Events associated to a single SET_RANGE event, as I've tried to demonstrate.

Do I need to use savedsearch somehow? Any help is much appreciated!
