We have a specific problem with one of our applications that can be identified by seeing one message in our logs (call it message A) that is NOT followed by a second, different type of message (message B) from the same IP address within 60 seconds. Message A and message B together is OK, message B on its own is OK, but message A on its own means something is wrong.
We currently have an alert set up every time message A appears and someone has to manually go and search to see if there are any corresponding occurrences of message B.
Is there any way to write a query in Sumo Logic that will automate this process?
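The correlation the question asks for is "an A from some IP with no B from the same IP in the 60 seconds that follow". The following is an added example, not code from the original post and not a Sumo Logic query; it implements that check in Python over a constructed log format (`<ISO timestamp> <ip> <message type>`, an assumption) so the matching rule can be seen and tested before being translated into a query. It also handles the one edge case such a rule needs: an A whose 60-second window has not yet closed at query time cannot be judged either way and is reported separately.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not the asker's real logs).
# 10.0.0.1: A followed by B after 30 s          -> fine
# 10.0.0.2: A followed by B after 90 s          -> orphaned A (too late)
# 10.0.0.3: B on its own                         -> fine
# 10.0.0.4: A on its own                         -> orphaned A
# 10.0.0.5: B *before* A                         -> orphaned A (B must follow A)
SAMPLE_LOGS = """\
2024-01-01T10:00:00Z 10.0.0.1 A
2024-01-01T10:00:30Z 10.0.0.1 B
2024-01-01T10:01:00Z 10.0.0.2 A
2024-01-01T10:02:30Z 10.0.0.2 B
2024-01-01T10:03:00Z 10.0.0.3 B
2024-01-01T10:04:00Z 10.0.0.4 A
2024-01-01T10:05:00Z 10.0.0.5 B
2024-01-01T10:05:10Z 10.0.0.5 A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|B)$")


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamp used by the constructed format."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_logs(text):
    """Return a time-sorted list of (timestamp, ip, kind) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((parse_ts(m.group(1)), m.group(2), m.group(3)))
    events.sort(key=lambda e: e[0])
    return events


def find_orphaned_a(events, now=None, window=timedelta(seconds=60)):
    """Return (timestamp, ip) for every A that has no B from the same IP within `window` after it.

    `now` (ISO string) marks the end of the data being evaluated. An A whose
    window extends past `now` is still open and is NOT reported, because its
    B may simply not have arrived yet; reporting it would recreate the
    manual-check noise the question describes.
    """
    cutoff = parse_ts(now) if now else None
    by_ip = defaultdict(list)
    for ts, ip, kind in events:
        by_ip[ip].append((ts, kind))

    orphans = []
    for ip, evs in by_ip.items():
        b_times = [ts for ts, kind in evs if kind == "B"]
        for ts, kind in evs:
            if kind != "A":
                continue
            if cutoff is not None and ts + window > cutoff:
                continue  # window still open: undecidable right now
            # A is matched only by a B from the same IP that lands in [ts, ts + window].
            # A B that precedes the A does not count: the text says B must follow A.
            if not any(ts <= bt <= ts + window for bt in b_times):
                orphans.append((ts, ip))
    return sorted(orphans)


def pending_a(events, now, window=timedelta(seconds=60)):
    """Return (timestamp, ip) for A events whose 60-second window has not closed by `now`."""
    cutoff = parse_ts(now)
    return sorted((ts, ip) for ts, ip, kind in events if kind == "A" and ts + window > cutoff)


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for ts, ip in find_orphaned_a(evs, now="2024-01-01T10:05:30Z"):
        print(f"ALERT {ts.isoformat()} {ip}: message A with no message B within 60s")
    for ts, ip in pending_a(evs, now="2024-01-01T10:05:30Z"):
        print(f"PENDING {ts.isoformat()} {ip}: window still open")
```

When the same rule is moved into a scheduled log search, two details from this example carry over. First, group by IP and require the B to land at or after the A, not merely in the same time bucket, otherwise a B that preceded the A will suppress a real alert. Second, run the search over a range that ends at least 60 seconds before the time it fires, so that every A it evaluates has a closed window; an A at the very edge of the range is the "pending" case above, not an alert.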