Hi, this is a bit of a vague question, but I’d like to ask if anyone could give me some general direction here. I’m new to graylog, however I have it up and running and have about 6 or 8 different log files (for starters) being brought into Graylog. There is a ton of data, and much of it isn’t of interest and there’s about 40 pages of files to sift through. I’d like to see if anyone could give me some advice of how to filter out the data I would consider as not valuable, and allow me to only show the errors.
What kind of log files are they?
Why not import everything into Graylog, e. g. with Filebeat, nxlog, or Logstash, and later filter for what’s interesting? It’s not possible to give you any sound advice without knowing your use cases and requirements.
Hi…thanks for responding. I’m using the filebeat input, and the files are *.logx, *.log, and *.txt. Currently everything is imported in with these files, and was hoping to get an idea of how i could effectively only display the errors in a dashboard. Sorry, again i’m fairly new to graylog. I appreciate any questions or advice.
You can show errors on a dashboard once you have ingested the messages and parsed them/extracted the required information.
Since you only have plaintext logs, you have to send them to Graylog (e. g. with Filebeat, nxlog, or Logstash) to an input which has the necessary extractors (see http://docs.graylog.org/en/2.2/pages/extractors.html and http://docs.graylog.org/en/2.2/pages/pipelines.html).