Our company recently upgraded to the newest graylog version. The most important feature for us was the “Quick Values” widget.
Based on documentation, this has been replaced by the field action “Aggregate”. Unfortunately, this option is missing for us and we have to work around using the Aggregation feature, which is quite annoying if you need multiple specific fields.
Do we need to activate a specific configuration? Or do we need to install a plugin?
Thanks in advance 
please check the community. It is full with same topic.
Please use search.
please check the community. It is full with same topic.
Please use search.
I actually did. There are many many topics about the old quick values and how to replicate them.
Suggestions there are
Still, I did not find a thread about the option not being there. That’s why I am asking for advise about some configuration we are missing… If I am not capable of searching for the correct terms, it would be kind to point me to the right topic 
Rollback
A rollback would only be sufficient to get the “Quick Values” default widget back. Which is what we don’t want. We are willing to use the new functionality which is intended to be replacing the quick values.
More precisely, the one named “Aggregate” located under field actions: https://docs.graylog.org/en/3.2/pages/searching/widgets.html#field-actions
In our current setup, this option is not there for whatever reason and we want to enable it if possible - or want to understand why it is not there at least.
Aggregate got renamed to “show top values” in a recent update. Is that also not showing for you?
Thats an important information yes it is, but for some reason it is greyed out. Do we need to configure extractors or something to use that function?
if the field is grey it means that this function is not possible on the field you want to run that on. I guess you have tried this on the field message?
No, I tried that on a static field we added to our logs to filter based on our application. And as far as I can tell, all our added static fields are not working for this option. Fields like e.g. source are working.
Is there a way to configure fields to work with the ‘Show top values’ option?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
