Recovering printing logs from print server, i have a simple dashboard to show which user is printing how many pages to which printer. I’ve had no problems with this.
Param5 = Printer
Param3 = User
Param8 = Pages Printed
Today I saw this in log messages, 2 red users have printed off 410 pages each (can’t put the photo because i’m a new user). But won’t calculate onto the ‘main’ dashboard. This has happened once or twice but it wasn’t a big deal but if i’m missing more than a 1000 pages printed its not great for my boss.
Description of steps you’ve taken to attempt to solve the issue
Tried remaking the dashboard, not sure how to go on because all the stats I want are there.
Environmental information
Debian 11, a couple of inputs from office365/dc’s/data servers
Elasticsearch exception [type=illegal_argument_exception, reason=Field [winlog_user_data_Param8] of type [keyword] is not supported for aggregation [sum]].
The ‘count’ function works fine I find… I have a ‘totals over 30days’ which is working fine, however when many pages are printed it seems to bug out
interesting… My understanding of count (counting messages) in your case would mean you get approximately one message per page printed… except when there are lots of pages printed? can you post what a typical message looks like and a 410 pages printed looks like? What does the error look like that you are seeing on large print jobs?
The “keyword” error you are getting is because Elasticsearch has guessed (wrongly) that the contents of winlog_user_data_param8 should be text rather than numeric (long, double). To fix that you would have to either create a new field of it and force it to be numeric or (more challenging) set a custom field for winlog_user_data_param8 in Elasticsearch and set the type to long. … I still think you want SUM rather than COUNT…
edit; starting to realise i think i’ve understood this function correctly, 99% of printing jobs are 1 page ‘jobs’ which didn’t tilt me to the fact it doesn’t ‘count’ like i was thinking.
