I think I may need a few example messages that you want to find and
group to fully understand your case. You can also contact me directly
if you feel uncomfortable sending this over the mailing list.
Anonymise parts of it if needed.

On Tue, Dec 31, 2013 at 1:54 PM, Ürgo Ringo <[email protected]> wrote:
> Thank you for the quick reply.
>
> However, in our case we are interested in getting the stats of all errors.
> We don't know upfront what exactly they are but rather we need to group
> messages having similar beginning or something in the middle of the message.
> The whole message may not be identical because it can contain some user data or
> other context information which is different.
>
> Maybe it is somehow possible to set the event_type based on some content
> scanning algorithm?
>
>
> Thanks,
> Ürgo
>
>
> On Monday, December 30, 2013 11:41:51 PM UTC+2, lennart wrote:
>>
>> That is easy in Graylog2 v0.20.0. Actually there are several ways:
>>
>> * Search for all messages that start with "foo": foo* AND bar=baz -
>> Then use the number of found events (in the selected time frame).
>> * Do the same as above and add it to a dashboard as number widget.
>> * Probably the best way: Create a new stream and match all messages
>> that start with "foo" using a regular expression: ^foo.+ - You can now
>> see those messages with one click, use the stream result count on a
>> dashboard and even subscribe to the events or be alerted once a
>> certain level of events is reached.
>>
>> It is even easier if you can group the messages by a specific field.
>> Like event_type=foo
>>
>> Note that some of those features are only in the current development
>> branch and you may have to wait until the first week of January to
>> fully use them.
>>
>> Hope that helps! Let me know if you have any questions.
>>
>> Thanks,
>> Lennart
>>
>> On Mon, Dec 30, 2013 at 9:01 PM, Ürgo Ringo <[email protected]>
>> wrote:
>> > How easy is it to find out how many occurrences of errors there are in
>> > a given time period?
>> > So it should be somehow possible to group events with the same message text
>> > beginnings, ignoring the timestamp and other request-specific data.
>> >
>> >
>> > Thanks,
>> > Ürgo

-- 
You received this message because you are subscribed to the Google Groups 
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
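
The grouping asked about in this thread (messages that are the same apart from user data or other context) can be approximated by masking the variable tokens before counting. The sketch below is an added example, not code from the thread or from Graylog2; the sample log lines, mask patterns and function names are assumptions, and `count_prefix` mirrors a stream rule of the `^foo.+` kind using Python's `re` rather than Graylog2's own matcher.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample events (timestamp, message); not taken from the thread.
SAMPLE = [
    ("2013-12-30T21:00:01", "Payment failed for user 1001: card declined (request 7f3a9c2e)"),
    ("2013-12-30T21:04:17", "Payment failed for user 2417: card declined (request 0b11d4aa)"),
    ("2013-12-30T21:10:45", "Timeout connecting to db-3 after 30000 ms"),
    ("2013-12-30T21:11:02", "Timeout connecting to db-1 after 30000 ms"),
    ("2013-12-30T21:30:00", "Login rejected for 'alice'"),
    ("2013-12-31T09:00:00", "Payment failed for user 3050: card declined (request 9e8d7c6b)"),
]
# Constructed time frame: [start, end)
WINDOW = (datetime(2013, 12, 30, 21, 0, 0), datetime(2013, 12, 30, 22, 0, 0))

# Masks are applied in order; each replaces request-specific data with a
# placeholder so that messages differing only in that data share a template.
MASKS = [
    (re.compile(r"\b[0-9a-f]{8,}\b"), "<hex>"),  # request ids, hashes
    (re.compile(r"\b\d+\b"), "<num>"),           # user ids, durations, host numbers
    (re.compile(r"'[^']*'"), "<str>"),           # quoted user-supplied values
]

def template(message):
    """Return the message with variable tokens replaced by placeholders."""
    for pattern, placeholder in MASKS:
        message = pattern.sub(placeholder, message)
    return message

def group_counts(events, start, end):
    """Count events per message template within the time frame [start, end)."""
    counts = Counter()
    for ts, msg in events:
        if start <= datetime.fromisoformat(ts) < end:
            counts[template(msg)] += 1
    return counts

def count_prefix(events, prefix_regex):
    """Count events whose message matches a known prefix rule (all time)."""
    rx = re.compile(prefix_regex)
    return sum(1 for _, msg in events if rx.search(msg))

if __name__ == "__main__":
    for tmpl, n in group_counts(SAMPLE, *WINDOW).most_common():
        print(n, tmpl)
    print(count_prefix(SAMPLE, r"^Payment failed.+"))
```

The resulting template string could be sent along as a field such as event_type, which is the grouping-by-field case mentioned in the thread.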
