Group by and count distinct

lindonm · May 8, 2019, 6:51am

Hi, not sure if this is possible.

Let’s say I have 3 servers, and a field hostname populated with

Server01
Server02
Server03

Logs imported will have the following log_file_path field

\\Server01\Logs\Log1.txt
\\Server02\Logs\Log1.txt
\\Server03\Logs\Log1.txt
\\Server01\Logs\Log2.txt
\\Server02\Logs\Log2.txt
\\Server03\Logs\Log2.txt
\\Server03\Logs\Log2-1.txt
\\Server03\Logs\Log2-2.txt

What I would like to see is a stacked bar graph (or similar) where I can show
For each hour, show me the number of unique log files (count), stacked by hostname.

This would look something like this (created in Excel)

Is such a thing possible?

You’ll note that Server03 in my example generated more log files than the other servers (or at least, more log files were ingested) and that’s what I want to be able to visualise.

jan · May 8, 2019, 7:01am

you would be able with the extended search - but not with the default widgets

lindonm · May 8, 2019, 7:24am

Thanks - A bit of googling suggests to me that that is an enterprise feature only? (related to “views” ?)

jan · May 8, 2019, 7:30am

yes - currently it is.

When it is deeper integrated into the system it will become part of the core and so open source.

system · May 22, 2019, 7:30am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ALERT - Group by and Count Distinct Graylog Central (peer support)	6	1708	July 8, 2020
How can i Count and Group By? Graylog Central (peer support)	1	697	March 15, 2021
How to count unique values in histogram chart? Graylog Central (peer support)	5	11769	July 20, 2017
Which API to use to query the number of logs from a host? Graylog Central (peer support)	2	1243	July 12, 2022
Need help with unique session count , Graylog 4.0 Graylog Central (peer support)	2	341	April 27, 2021

Group by and count distinct

Related topics