Where log matching grouping operator doesnt exist in time range

Follow
Avatar
omar omar

Hi! Any thoughts on how I would filter in Sumologic all matching logs such that aggregating by a field, there is no matching log with the same field value greater than 15 minutes ago?

For example lets say we have these logs for the last hour, with two fields: id, and timestamp:

  • id 1, 30 minutes ago
  • id 2, 10 minutes ago
  • id 1, 5 minutes ago

because "id 1" has a matching log from 30 minutes ago, i want to also exclude all logs "id 1", including the log from 5 minutes ago from the result. But because "id 2" doesn't have a matching log like from greater than 15 minutes ago, I want to keep that result.

Thanks for the guidance!

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Shobhit Garg

    Hi Omar,

    It would be nice if you can elaborate a little more about the requirement. With current provided information, I could not understand much about your requirement,

     

    Thanks

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post