I'm currently evaluating using ES and logstash for central log management. Aside from storing logs in ES, I will need to do some querying and reports as well. This is where I get into trouble, because I'm not sure how to solve the following problem.
I have a service where a certain user logs in via a web page. That login is logged in the Apache log. The login is then forwarded to a Radius server (which logs to its own log file) and from there to an LDAP server, which also logs to its own file. I would like to extract information (the last log line) for a certain user to figure out where the login failed (http, radius or ldap). This would be a script for the helpdesk, to quickly check where the login stopped and investigate further.

In an SQL database, I could just link (=) fields in the database and get a match. Something like:

    SELECT httpd.username, httpd.full_log_message, radius.full_log_message, ldap.full_log_message
    FROM httpd, radius, ldap
    WHERE httpd.login = radius.login AND radius.login = ldap.login
    LIMIT 1

Can I achieve that in Elasticsearch? What is that called in Elasticsearch? Can someone provide an example or a link to it?

Thanks,
Matej
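
Added example, not part of the original post: one way to get the newest log line per source for a user and see where the login stopped, using a terms aggregation with a top_hits sub-aggregation in place of the SQL join. The field names (`login`, `type`, `@timestamp`, `message`), the chain order, the time window parameter and the sample events are assumptions.

```python
# Added example; field names are assumptions and EVENTS is constructed sample data.
CHAIN = ["httpd", "radius", "ldap"]  # order a login passes through

def build_query(login, since):
    """Search body: newest log line per source for one login since a given time."""
    return {"size": 0,
        "query": {"bool": {"must": [
            {"term": {"login": login}},  # assumes login is indexed as an exact value
            {"range": {"@timestamp": {"gte": since}}},
        ]}},
        "aggs": {"by_source": {
            "terms": {"field": "type"},
            "aggs": {"latest": {"top_hits": {
                "size": 1, "sort": [{"@timestamp": {"order": "desc"}}]}}},
        }},
    }

def latest_per_source(events, login, since):
    """Local equivalent of the aggregation, for events already in memory."""
    latest = {}
    for e in events:
        if e["login"] != login or e["@timestamp"] < since:
            continue
        cur = latest.get(e["type"])
        if cur is None or e["@timestamp"] > cur["@timestamp"]:
            latest[e["type"]] = e
    return latest

def stopped_at(latest):
    """Deepest stage of CHAIN reached without a gap, and its last log line."""
    reached = None
    for stage in CHAIN:
        if stage not in latest:
            break
        reached = stage
    return (reached, latest[reached]["message"]) if reached else (None, None)

def event(source, login, ts, message):
    return {"type": source, "login": login, "@timestamp": ts, "message": message}

# Constructed events; same-format ISO 8601 UTC timestamps compare correctly as strings.
EVENTS = [
    event("httpd", "alice", "2014-05-01T10:00:00Z", "POST /login 200"),
    event("radius", "alice", "2014-05-01T10:00:01Z", "Access-Reject: no reply from LDAP"),
    event("httpd", "bob", "2014-05-01T10:05:00Z", "POST /login 200"),
    event("radius", "bob", "2014-05-01T10:05:01Z", "Access-Request forwarded"),
    event("ldap", "bob", "2014-05-01T10:05:02Z", "bind failed: invalid credentials"),
    event("ldap", "alice", "2014-04-30T09:00:00Z", "bind ok"),  # older attempt
]
```

The time window matters: without it, the newest line per source can come from different login attempts and point the helpdesk at the wrong stage.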
