'Identify state depending on one or more log lines

I have logs for file imports

01-01-21 10:00:00  File Read   , filename_a
01-01-21 10:00:01  File failed , filename_a
01-01-21 10:00:01  File Read   , filename_b
01-01-21 10:00:02  File failed , filename_a
01-01-21 10:00:03  File succeed, filename_a
01-01-21 10:00:04  File failed , filename_b

how can I detect that file "a" has been successfully imported, while file "b" is in a failure mode?

I've tried transaction but to no avail.

transactionsstatesplunk


Solution 1:[1]

Once you have the status and filename fields extracted, select the most recent event for each file. That will tell you the current status.

index=foo
| rex "File (?<status>\w+)\s*, (?<filename>.*)
| dedup filename

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Creating JPA session for background threads

is there a way to set after_commit callbacks to a specific ActiveRecord transaction

Correct use of transactions in SQL Server

Full managing of fragments flow in Android

MongoError: Cannot call abortTransaction twice; MongoError: Cannot call abortTransaction after calling commitTransaction

Does host should increase ATC (Application Transaction Counter) (EMV tag 9F36) after unsuccessful transaction?

Single Large Transaction VS Multiple Small Transaction

create oracle transaction using C#

How to trigger commit programmaticaly on Spring Webflow 2 with Flow Managed Persistence Context

NetSuite - Using SuiteScript to Create Button to Print Packing List on Transfer Order

Eth, how to call a deposit function from a smart contract

detached entity passed to persist - on findByMethod

MQ: What happens if a message rollback FAILED?

select query inside loop - Database connections in JPA

How to test a Django on_commit hook without clearing the database?