Hi Folks,
Is it possible to create dashboard on daily (24hrs) log data ingestion size for multiple events?
The overview shows cumulative data ingested into graylog per day however it doesn’t provide the breakdown, for example which logs made up the most data and from which sources.
is there a way to do so using search and charts?
Thanks,
Navdeep
I have not found any cumulative diagrams from Graylog, but you can have a histogram. First create a search that contains the messages you want, then customize the histogram (make it stacked with the field “source”).
but would that contain the message size?
No. If you want to query the size of the message in Elasticsearch, you’ll have to install and enable the Mapper Size plugin:
basically, we can see from system > overview outgoing traffic stats per day.
However, what i would like is to see beside daily traffic,
a. breakdown of traffic size by source (sources)
b. breakdown of traffic size by type (like windows event 4624 logged 2GB data)
As I said before, you’ll have to use the Elasticsearch Mapper Size plugin for that.
But be warned, that the size of the messages in Elasticsearch is not equal to the outgoing traffic in Graylog (on the System page).
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
