Is there a way to view a unique count for a single field over time? Example might be a GUID field. Some GUIDs appear daily, others appear once every 6 weeks. I’d like a view/report to show UNIQUE GUIDs over a period of time.
Do you have that data over the complete period you want to view? What Graylog version are you using?
Is that data you want the overview in a unique field or part of another field?
The data is present in a unique field over the complete period I want to view.
I’m using Graylog 2.4.6+ceaa7e4
if you do a search to identify the information you like to see - use the so called quick values to get this.
https://docs.graylog.org/en/2.4/pages/dashboards.html?quick-values-results#quick-values-results
Thanks! My profile doesn’t have dashboards, so I’m getting admin to enable, then I will try that.
Will that represent unique counts of that particular field? Would this work for fields that only contain IP address?
Okay, I tried that and it doesn’t appear to be producing the data I am looking for. I’m looking for a way to easily see unique counts in the Graylog dashboard. Similar to what I would get if I export data for a 4-week window and use Excel to remove duplicates from field=IP_Address.
he @Audian16
you do not look for something like:
you just wand to have the names without any count and other stats?
I don’t think that is the view I need. Let’s say I have 800,000 entries across a period of 3 days. I can confirm that their are 150,000 servers that are generating those 800,000 entries but exporting the data and manually cleaning the entries (removing duplicates).
How can I search for unique number of reporting servers in the Graylog interface to show a count of 150,000 instead of 800,000?
The quick values is for this - you just do this on the source and get a list of all sources that report in.
You might want to use the views as you can be more specific in that list and you can get a data table with that result.
Should you want to have that unique list exported - that is currently not possible and you would need to createa feature request over at github.
Okay, thanks for explaining that. I appreciate the help!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.