Dynamic dashboard for multiple days during Specific Time Ranges

Hello Graylog Community,
I would like to ask for your help. I’ve been working with Graylog to monitor logs at specific times, and I’ve come across a problem. I successfully created a dashboard that displays data for today from midnight to 6 am using a Time Range picker and keywords. However, I’m looking to expand this functionality to include data from previous days as well.

Specifically, I would like to create some kind of self-updating dashboard that shows the logs from multiple days, all filtered just from midnight to 6 am.
I have tried to use Search Queries, but since I have been using OpenSearch 2.9.0 I was not able to execute a query with the otherDate field. Or am I missing something?

Is there a simple way to achieve this with the picker, or should I set up a specific pipeline to accomplish this task? If any of you have experience with similar use cases or can provide insights into how I can achieve this, I’d greatly appreciate your help.

Thank you so much in advance for your assistance!

You will need to add the hour of the day (as a number, not a time) to the messages, and then you can filter on it in the search.

In your pipeline you can use .hourofday (see the example in this link: Disable Graylog Alert on specific time - #3 by ericwu).

Then write that value as a number to a field, then in your dashboard widget query include hour_of_day:[9 TO 17] or something like that.

You can do these for other things as well like .dayofweek etc.

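The approach from the reply above, modeled in Python as an added example (not part of the original thread and not Graylog pipeline code): each event gets an integer hour_of_day, and one inclusive range then matches the same window on every day. The function names, the fixed UTC offset standing in for a timezone, and the sample events are assumptions constructed for illustration; midnight to 6 am corresponds to hours 0 through 5.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events spanning several days (timestamps in UTC).
EVENTS = [
    ("2024-03-10T00:15:00+00:00", "login admin"),
    ("2024-03-10T05:59:59+00:00", "sudo session opened"),
    ("2024-03-10T06:00:00+00:00", "cron job started"),
    ("2024-03-11T23:30:00+00:00", "vpn connect"),
    ("2024-03-12T03:00:00+00:00", "login backup"),
    ("2024-03-12T14:00:00+00:00", "login alice"),
]


def hour_of_day(ts_iso, utc_offset_hours=0):
    """Model of the enrichment step: hour (0-23) as an integer.

    A fixed offset is used instead of a named timezone, so DST is ignored.
    """
    ts = datetime.fromisoformat(ts_iso)
    local = ts.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.hour


def in_window(hour, start, end):
    """Inclusive bounds, like hour_of_day:[start TO end] in the widget query.

    If start > end the window wraps past midnight (e.g. 22 to 5); a single
    range cannot express that, so it becomes two ranges joined with OR.
    """
    if start <= end:
        return start <= hour <= end
    return hour >= start or hour <= end


def off_hours(events, start=0, end=5, utc_offset_hours=0):
    """Return events from every day whose hour_of_day falls in the window."""
    return [
        (ts, msg)
        for ts, msg in events
        if in_window(hour_of_day(ts, utc_offset_hours), start, end)
    ]


if __name__ == "__main__":
    for offset in (0, 1):
        print(f"UTC{offset:+d}:", [m for _, m in off_hours(EVENTS, 0, 5, offset)])
```

The two runs differ because the hour depends on the timezone it is computed in, so the enrichment step and the people reading the dashboard need to agree on one.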
