Grupping messages

dsever · February 19, 2018, 4:20pm

Hi

Is it possible to accomplish kind of log aggregation using graylog. For instance I have 300 same messages (same src and dest ip) from ASA, and don’t waste my disk by storing individual items.
So my solution would be counting number of same messages (distinction by src ip and dest) (kind of deduplication) and write only one message that has additional field count? Is is possible to do by using rules?

Any examples would be great to have.

Thanks
Dubravko

jan · February 19, 2018, 4:22pm

with the given vanilla Graylog that is not possible. You would need to write your own plugin for that or use some kind of third party plugin.

regards
Jan

system · March 5, 2018, 4:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Messages duplicating Graylog Central (peer support)	5	2486	August 22, 2018
Deduplicate logs in stream Graylog Central (peer support)	3	684	November 15, 2019
Combining Searched Log Outputs Graylog Central (peer support)	1	392	November 27, 2017
Context Collector for Graylog Graylog Add-ons	4	272	October 30, 2023
Message Count duplicated Graylog Central (peer support)	6	762	March 19, 2019

Grupping messages

Related Topics