Create screen with the main errors in the last few hours in Graylog

I would like to create a screen that shows the main errors in the last few hours.

@alanlima25

Linux or Windows logs?

Using the Linux operating system.

Hey,

Linux, depending on the file you want. Is it a service that you want as “main errors in the last few hours”, or is it the operating system that you want “main errors in the last few hours”?

Windows, you could extract the “EventID” with the “Channel” OR use a field called “Severity” which should have your WARN, ERROR, INFO status. From there you can create your Widget/Dashboards. This would depend on how you're shipping those logs and what type of Input you're using.

In my Graylog I use the Sidecar Filebeat collector to capture the log of my application. I would like to create a table that shows the top 10 errors that occur.
I use version 4.3.8 of Graylog.

Hey @alanlima25

You would need to extract the error and create the field from that message. Once completed you can create your top 10 errors.

As for extracting the error in logs, you could either use Extractors or Pipelines.

Here are simple examples…

Extractor:

regex_value: (\s+ERROR)

Pipeline:

rule "linux"
when
    has_field("message") AND contains(to_string($message.message), "ERROR")
then
    set_field("status","ERROR");
end
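
The rule above tags every matching message with the same `status` value, so a top-10 table also needs a field that differs per error. The following pipeline rule is an added example, not part of the original thread: it assumes a constructed log layout of `<timestamp> ERROR <logger> - <text>`, and the field names `error_source` and `error_text` are hypothetical.

```graylog
// Added example, not from the original posts.
// Assumed (constructed) application log line:
//   2023-01-10 12:00:01 ERROR com.example.OrderService - Connection refused
rule "extract application error"
when
    has_field("message") AND
    regex("\\sERROR\\s+(\\S+)\\s+-\\s+(.+)", to_string($message.message)).matches == true
then
    // Unnamed capture groups are returned under the keys "0", "1", ...
    let m = regex("\\sERROR\\s+(\\S+)\\s+-\\s+(.+)", to_string($message.message));

    // Same marker field as the rule in the thread.
    set_field("status", "ERROR");

    // Logger or component that raised the error (hypothetical field name).
    set_field("error_source", m["0"]);

    // First line of the error text only: "." does not match a newline, so a
    // multi-line stack trace does not turn every occurrence into its own bucket.
    set_field("error_text", m["1"]);
end
```

With the rule attached to a pipeline on the application's stream, an aggregation widget grouped by `error_text` with a `count()` metric over the chosen time range gives the table of most frequent errors. If the error text contains variable parts such as IDs, grouping on `error_source` keeps identical failures in one row.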
