Hi!

This is currently not possible in graylog2 itself, however you could
of course access the data in elasticsearch directly.
For the future, once we support elasticsearch 1.x, we will look at
enabling aggregations support from the web interface.

Right now we are mostly focussed on textual data, and plotting
distributions/line charts of single metrics.
However, all the data is there, and provided that the elasticsearch
mappings are correct (i.e. the metrics are stored as float/int and not
string) you should be able to quickly get numbers you need.

Best,
Kay

On Tue, May 13, 2014 at 1:24 AM, Jarred Masterson
<jarred.master...@gmail.com> wrote:
> I don't know if this is something that can be achieved currently or not.  I
> currently have a syslog data stream sending detailed IO stats and I would
> like to perform some analysis on the extracted fields.  An example of what
> I'm trying to achieve currently:  Some of the disks are members of a zfs
> raidz volume and I can easily enough search for just those device names
> now that I am extracting them.  What I would like to do, however, is to
> perform a mathematical operation on their statistics, graph the results, and
> place that on a dashboard.
>
> For example if I take the "IO Reads Per Second" and then sum them together
> with the "IO Writes Per Second" then I can graph the total IOPS for the
> drive cluster.  I can currently graph the metrics separately and can limit
> the results based on the device id from the search bar.  I can graph the
> individual metrics, however, when I combine the graphs, I lose the value
> item from the graphs gear menu.  In this instance I would like to be able to
> display those statistics as a stacked bar, showing the total IOPS and
> visually quantifying the proportion of reads vs. writes.  I also seem to
> lose the ability to send a combined graph to a dashboard, which seems odd.
>
> Another example math operation for this data stream:  I am extracting the
> KBs read as well as KBs written per second.  Again I can graph the
> metrics for a given group of drives, however, since these are typically
> large numbers I would like to be able to divide the number by 1024 to
> convert it to Megabytes per second instead of looking at the graph and
> seeing that the cluster wrote 3240K Kilobytes in that particular unit of
> time.
>
> --
> You received this message because you are subscribed to the Google Groups
> "graylog2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
