Return Unique Field Values

Greetings! I would like to be able to run a search that would return a list of messages that have only unique values in the client_ip field. Is this possible? I need to export the resulting list for processing in another application. When I report on all IP addresses, the result contains millions of records and is too large to process. I just need a list of unique IP addresses, which is only a few thousand.

2 Likes

I am not sure this is possible with the current querying language (I think it's not):

http://docs.graylog.org/en/2.4/pages/queries.html

But what I know is possible, is that you can:

  1. Do your search
  2. Export the Data as CSV
  3. Post-process this data with a script and pick only unique IPs

As long as output order doesn’t matter, this should have you covered.

Another solution would be to create your own Plugin for Graylog2 that does that:

http://docs.graylog.org/en/2.4/pages/plugins.html
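A sketch of step 3 above, as an added example that is not part of the original post and not Graylog code: it streams the exported CSV row by row, so a multi-million-row export never has to fit in memory, and keeps each distinct `client_ip` in first-seen order. It assumes the export has a header row containing a `client_ip` column; the sample rows are constructed.

```python
import csv
import ipaddress
import sys

def unique_ips(rows, field="client_ip"):
    """Yield each distinct, valid IP found in `field`, in first-seen order."""
    seen = set()
    for row in rows:
        raw = (row.get(field) or "").strip()
        if not raw:
            continue  # message carried no client_ip
        try:
            ip = ipaddress.ip_address(raw)  # also normalises IPv6 spellings
        except ValueError:
            continue  # malformed value, not an IP address
        if ip not in seen:
            seen.add(ip)
            yield str(ip)

def unique_ips_from_csv(lines, field="client_ip"):
    """`lines` is an open file or any iterable of CSV lines with a header."""
    reader = csv.DictReader(lines)
    if field not in (reader.fieldnames or []):
        raise KeyError(f"column {field!r} not in header {reader.fieldnames}")
    return list(unique_ips(reader, field))

# Constructed sample export (column layout is an assumption, not real data).
SAMPLE = '''"timestamp","source","client_ip","message"
"2018-05-01T10:00:00.000Z","web01","203.0.113.7","GET /index.html"
"2018-05-01T10:00:01.000Z","web01","198.51.100.23","POST /login, status=401"
"2018-05-01T10:00:02.000Z","web02","203.0.113.7","GET /favicon.ico"
"2018-05-01T10:00:03.000Z","web02","","health check"
"2018-05-01T10:00:04.000Z","web01","2001:DB8::1","GET /"
"2018-05-01T10:00:05.000Z","web01","2001:db8:0:0:0:0:0:1","GET /about"
"2018-05-01T10:00:06.000Z","web02","not-an-ip","parser error"
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to the exported CSV; newline="" lets csv handle quoted newlines.
        with open(sys.argv[1], newline="") as fh:
            result = unique_ips_from_csv(fh)
    else:
        result = unique_ips_from_csv(SAMPLE.splitlines(keepends=True))
    print("\n".join(result))
```

Parsing with `csv` rather than splitting on commas matters here because log messages routinely contain commas and quotes, and normalising through `ipaddress` collapses differently written forms of the same IPv6 address into one entry.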

This has been requested a handful of times in the past. It's a shame that it isn’t possible without the steps noted above since other Elasticsearch-backed logging systems are able to do this without the extra steps.
