Is it possible to accomplish a kind of log aggregation using Graylog? For instance, I have 300 identical messages (same src and dest IP) from an ASA, and I don’t want to waste my disk by storing individual items.
So my solution would be counting the number of identical messages (distinguished by src IP and dest) (a kind of deduplication) and writing only one message that has an additional field, count? Is it possible to do this using rules?
Any examples would be great to have.
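
The counting idea described in the question, as an added sketch that is not part of the original post and is not a Graylog pipeline rule: a standalone Python pre-aggregation step, assumed to run before the messages are stored, that collapses ASA deny lines sharing source and destination IP within a time window into one record with a `count` field. The sample lines, the 60-second window and the output field names are constructed for illustration.

```python
import re

# Constructed sample events (epoch seconds, raw ASA syslog line); not real traffic.
_DENY = ('%ASA-4-106023: Deny tcp src outside:{}/{} dst inside:192.0.2.10/443 '
         'by access-group "OUTSIDE_IN" [0x0, 0x0]')
SAMPLE = [
    (0, _DENY.format("203.0.113.7", 51234)),
    (5, _DENY.format("203.0.113.7", 51235)),
    (10, _DENY.format("203.0.113.7", 51236)),
    (20, _DENY.format("203.0.113.9", 40000)),
    (65, _DENY.format("203.0.113.7", 51237)),
    (70, "%ASA-5-111008: User 'admin' executed the 'show run' command."),
]

# Pulls the message id and the src/dst addresses; ports are deliberately ignored
# so that retries from changing source ports fall into the same group.
ASA_RE = re.compile(
    r"%ASA-\d-(?P<msg_id>\d{6}): .*?"
    r"src \S+?:(?P<src>[\d.]+)/\d+ dst \S+?:(?P<dst>[\d.]+)/\d+"
)

def aggregate(events, window=60):
    """Collapse time-sorted (ts, line) events into one record per
    (src, dst, msg_id) per tumbling window of `window` seconds."""
    open_records = {}   # key -> record already placed in `out`
    out = []
    for ts, line in events:
        m = ASA_RE.search(line)
        if m is None:
            # Unparsed lines pass through untouched so nothing is silently dropped.
            out.append({"message": line, "first_seen": ts, "last_seen": ts, "count": 1})
            continue
        key = (m["src"], m["dst"], m["msg_id"], ts // window)
        rec = open_records.get(key)
        if rec is None:
            # Keep the first raw line as the representative message.
            rec = {"src_ip": m["src"], "dst_ip": m["dst"], "msg_id": m["msg_id"],
                   "message": line, "first_seen": ts, "last_seen": ts, "count": 0}
            open_records[key] = rec
            out.append(rec)
        rec["count"] += 1
        rec["last_seen"] = ts
    return out

if __name__ == "__main__":
    for record in aggregate(SAMPLE):
        print(record)
```

Only the first raw line of each group is kept, so per-event details such as individual source ports are lost; `first_seen` and `last_seen` preserve the time span for later investigation.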