For our Graylog application, which is monitoring of our different application servers (~20), we would like to search on a specific application server occasionally. We have included an application_server field which uniquely identifies each application server.
Is there a way to suggest the user a list of values of application_server, so that they do not have to remember the server’s names by heart? As an example, lets say we have two servers application-a and application-b. Is there a way that when application_server: is put in the search bar, that these two server names pop up as suggestions, similarly to the autocomplete of the fields themselves?
Hello,
I must say this is a good idea. It took me a minute to understand so I tried it out in the lab. I see your point. It will not list field data as choices just shows other fields that can be used. We have sources that all start with numbers (i.e.1002-0000-1000.domain.com). To over come this we filter out first two set of numbers source: 1002-0000-* then we create a widget from the Global search like this.
Thanks for the suggestion! Would you know whether there is a way to have the depicted aggregation on the Search page by default?
Although some other alternatives might be found, does this mean that this is not supported by Graylog itself and I could/should create a feature request on GitHub to have it considered?
Probably you are referencing to feature called Parameters. It’s Enterprise feature, so you need to use enteprise license, you can have it for free if your daily data is lower than 5GB/day.
