Counting lines with specific field value

mig · September 6, 2022, 12:09pm

Hi,

I have log lines like theses ones:

{"app":"app1", "needrestart":1}
{"app":"app2", "needrestart":0}
{"app":"app3", "needrestart":0}
{"app":"app1", "needrestart":1}
{"app":"app4", "needrestart":1}

And I want to make a single number dashboard to tell me there are 2 apps to restart. It seems very simple but I can’t figure how to achieve this. Note: app can have multiple entries, but only the most recent one must be used.

Thanks for your help !
Mat

ihe · September 6, 2022, 3:11pm

Hi @mig

seperate your logs into machine-readable fields. Field “app” and field “needrestart”.
filter for needrestart:1
add a widget counting the card() of the field app. This will tell you how many different values exist for the field “app”. This is the number you are looking for.

cheers,
ihe

mig · September 7, 2022, 9:24am

Hi,

It works, thanks a lot. For those who don’t know (like me), the card() function means “cardinality”

Bye.

system · September 21, 2022, 9:25am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Count of unique values Graylog 3.3.2 Graylog Central (peer support)	3	7131	August 13, 2020
Getting a table in a Dashboard Graylog Central (peer support)	1	807	February 6, 2018
Count number of sources Graylog Central (peer support)	5	2942	June 29, 2020
Basic 2 Axis line graph Wiget Graylog Central (peer support) dashboards	12	797	August 26, 2022
Simplest possible number search Graylog Central (peer support) alert , dashboards	1	24	March 12, 2025

Counting lines with specific field value

Related topics