Field statistics/chart on extracted number showing NAN?

uclnj · June 6, 2018, 1:12pm

I created a regex extractor against a firewall syslog message similar to this string smtp-proxy[2155]: msg_id=“1BFF-000F” Allow rcvd_bytes=“7885” sent_bytes=“6333” and when I search for the msg_id, the expanded message shows smtp_rcvd_bytes: 7885.

The extractor includes the conversion to numeric at the bottom yet when I bring up the field statistics for smtp_rcvd_bytes I only get the count - all fields except for cardinality show NAN so I can’t graph this value either.

This is what the extractor shows:

Condition
Will only attempt to run if the message includes the string msg_id=“1BFF-000F”
Configuration
regex_value: rcvd_bytes="([0-9]+)"
Converters
numeric

jochen · June 6, 2018, 2:38pm

Make sure that the message fields you want to analyze are numeric over the complete time range of the query.

You can create a custom index template to enforce a data type:
http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#custom-index-mappings

uclnj · June 6, 2018, 6:33pm

it was the timeframe, some of the results being returned didn’t have the extracted values.

system · June 20, 2018, 6:41pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Some statistics still NaN? Graylog Central (peer support)	7	2210	July 2, 2018
Extracted number from syslog message unusable Graylog Central (peer support)	6	1557	May 16, 2018
Search Results with Numeric Extracted are Not Greater than Query Graylog Central (peer support)	6	3570	July 3, 2021
Numerical converter on extractor not working? Graylog Central (peer support)	7	1163	July 28, 2022
Graylog Exchange Message Tracking Log Extractor Graylog Central (peer support) sidecar , nxlog , nodatanx , send-csv-logsnx	11	9861	June 13, 2017

Field statistics/chart on extracted number showing NAN?

Related Topics