I would like to then create a further Aggregation based on this (showing a pie chart of current statuses), by grouping by the Latest(o365_alert_status) field and using the count metric.
Can I create either a nested Aggregation, an Aggregation based on this Aggregation or can I create a metric, based on another metric (or any other solution)?
2. Describe your environment:
Package Version: Graylog 4.3.8+8c4705e on graylog (Private Build 1.8.0_342 on Linux 5.15.0-48-generic)
4. How can the community help?
Does anyone have any advice on how (or if) this is achievable?
I have not created a widget for an “Aggregation based on another Aggregation”. Sounds good, though.
As for…
I gave this a try and was unable to create a pie chart with Latest Value. Here was the test I executed.
Trying to mimic your widget layout, but I had to use different fields.
Yes, the pie chart won’t show anything in my example as I can’t convert the results of the metrics (latest value in my example) into a numeric count (likely using cardinality as you have suggested). I’m currently using the above data table as a workaround and sorting by status to see what’s open or new.
Alas, it seems it’s not currently possible to use cardinality on the latest value (or use a metric of a metric).