How to edit the dashboard base/master query

hkraal · May 7, 2020, 9:48am

A while ago I created a dashboard using a filter for http server errors, the base query which has been used for the widgets would have been status_code:[500 TO 599].

Meanwhile we added a input for Nginx error logs which sets a static field nginx_error: true. The field is properly applied to all new messages and can be search for without any problem. On the dashboard however these messages seem non-existent.

I suspected some sort of base/master query on which all the widgets can do some additional filtering. As the messages aren’t included in this base/master search in the first place they will not show up in the widgets either.

Exporting the dashboard as a content pack reveals query 09043b2b-7171-4ff7-8273-c952d3183a25 which seems to do exactly what I suspect.

Q: How on earth should I edit this query to become status_code:[500 TO 599] OR nginx_error:true without recreating my dashboard.

          "queries": [
            {
              "id": "09043b2b-7171-4ff7-8273-c952d3183a25",
              "timerange": {
                "type": "relative",
                "range": 86400
              },
              "query": {
                "type": "elasticsearch",
                "query_string": "status_code:[500 TO 599]"
              },
              "search_types": [
                {
                  "query": {
                    "type": "elasticsearch",
                    "query_string": "source:server.example.com AND (status_code:[500 TO 599] OR nginx_error:true)"
                  },

hkraal · May 19, 2020, 8:30am

So I ended up re-creating the dashboard by lack of a better solution but I still hope someone would be able to answer how the “dashboard query” could be editted.

cawfehman · May 19, 2020, 6:47pm

Not sure what version of Graylog you are using as the dashboards have been overhauled recently, so this may not be relevant, but in the latest version (currently 3.2.4), you can edit the query from the widget.

You can also just create a new widget using the create menu on the left navigation bar when you’re on the dashboard tab.

hth, perhaps someone else has more insight.

system · June 2, 2020, 6:47pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Dashboard, set the query static Graylog Central (peer support)	5	52	September 4, 2024
Bulk configuration change inside a dashboard Graylog Central (peer support)	2	515	August 27, 2021
Dashboard Error - Unable to perform search query: OpenSearch exception Graylog Central (peer support) elastic , dashboards	3	2106	October 26, 2023
Modify global dashboard filter Graylog Central (peer support)	4	1769	July 17, 2020
Error about message field Graylog Central (peer support)	7	1465	April 4, 2023

How to edit the dashboard base/master query

Related topics