Can we take search results on data in ES as input?

(Charles Deng) #1

Can we take specific search results from log data already in ES as input? This will help to extract on demand and create more valuable info from logs along with analysis.

(Jochen) #2

Please elaborate on what you’re trying to achieve.

(Charles Deng) #3

A log system can also be a platform for on-demand log analysis. We prepare some pipeline rules before logs get in. But when we look into them and do analysis on them, maybe we find later that we can generate more correlation, filtration and aggregation based on the current data in ES, and these will eventually help us ease our reports with the report tools on hand.

Also, when I apply pipeline rules, I find they are more about processing a single log message, lacking a strong way to do aggregation operations across log messages. Maybe this is not in Graylog's design goals.

