Rollback 3.2->3.1?

Is a simple rollback from 3.2 to 3.1 (using the package manager) possible without data loss?
In my case it’s mostly about usability, not about some technical issues.
In 3.1 I could get the required info in 2 clicks, now it requires much more effort.

Hello @zoulja,

this is unfortunate. I hope you can explain in more detail what is hindering you, so we can make it better.

About rolling back: if you have made a backup of your MongoDB as mentioned in the upgrade notes, you can just use 3.1.x with that backed-up database.

Otherwise there is no rollback process implemented in Graylog by now. But if you tell me what problems you have with the 3.2 version I will try to make your life easier as soon as possible.

Hello @konrad, thanks a lot for your prompt response!
I’m not sure my use cases will be interesting to you, but let’s try.
My main use case - analyze Nginx access logs.
Graylog 3.1

  1. Query API (/api/SomeAPI) which I want to check
  2. In left pane select IP field, click Quick values.
  3. Click customize->Show overview

Just in 4 clicks I can see attacker’s IP and when attack started and finished.
Really nice and simple, a lot of ppl were impressed by this trick.

Graylog 3.2

  1. Query API (/api/SomeAPI) which I want to check
  2. Click Fields in left pane
  3. Select IP field
  4. Oh no no no no no. No lovely Quick values?! Ok. I’m an engineer, don’t give up, let’s try Aggregate. No pie, but still have a table? Ok. Press Edit.
  5. I’m lost.

So I made more clicks, but still didn’t achieve expected result.
I’m sure learning curve is higher here and this search is much more powerful, but it seems overcomplicated for basic use cases.
Is there some way to get back that old good simplicity? Or maybe I’m just missing something and need to do it in different way?


Hello @zoulja,

No, you are completely right, this neat trick is not so easy anymore. Thanks a lot for your really detailed feedback. It will help us to make it clearer what we need to do next.

As a workaround I would suggest the following:

  • create a search with the chart you need and save it.
    • You need to create the pie chart and then the data table separately
  • bookmark that search for easy access
  • when you want to access the information mentioned:
    • you click on the bookmark and query your API; everything else should already be there.

I know it is not as nice and simple as before but you should now be able to store your query
together with your widgets which gives you the possibility to prepare different searches
for different tasks and save them.

Nevertheless we take your input seriously and will try to bring back quick values or something similar in a future release.

Thanks a lot again. And let me know if you have anything else which is hindering you in your work.

Dear @konrad, I really appreciate your attitude to my request.
But I’m still confused - whether it’s possible and how it’s possible to recreate the Overview chart (or a similar visualization) from 3.1 in 3.2.
Is there some documentation/configuration example available?
I can create a Pie chart and a Data table, but it’s not what I really need (love in 3.1).


I am sorry if I misunderstood your workflow. Right now the best we have for documentation about how to create aggregations is this:
https://docs.graylog.org/en/3.1/pages/extended_search.html#views

Since the views are now used in dashboards and in the search.

When you mentioned that you missed the quick values I assumed that you meant the pie chart with data table.

Every chart which was possible in 3.1 should be re-create-able in 3.2. I assume now that you meant a value over time.

If you need help creating another chart, try to phrase it and I will be happy to assist you.

Dear @konrad, I meant a chart like this, which is available under Quick values and which is frequently used in my daily work:

Probably I can phrase it like “We check TOP-5 IPs, and then see their requests distribution in time”

Hello @zoulja,

here I configured a chart showing the top 5 actions per time interval:

I hope this helps you. Do not hesitate to ask if something is unclear. We will try to make default charts like Quick Values in the future.


Looks good, @konrad, but seems my knowledge of voodoo magic is not as good as yours:


What am I missing here?

I am sorry, but I forgot to mention that you can limit the results. Click on the selected value in Columns; there should be a window popup to configure the number of columns being displayed:

I feel we’re closer now. Step by step

Maybe it can be used only for small numbers and not scalable?

Thank you, @konrad!
Could you please help me with another use case?
For example I want to compare number of requests between today and yesterday.
In 3.1 I could use combined charts: create chart for yesterday, create chart for today then use drag-n-drop to combine 2 charts.
What’s the 3.2’s way to achieve that?

@zoulja, as far as I know it was not possible to create two charts in different timeranges. When you create a widget and you changed the timerange you also changed the timerange of the created widget.

In the new dashboard you can do at least a bit of that. You can create two widgets, one with a relative timerange of 24 hours and one with an absolute timerange for the past 24 hours yesterday. But it does not dynamically update since it is an absolute timerange.

But perhaps you meant a number widget with a trend? That you could do.

No, I meant this thing: http://docs.graylog.org/en/3.1/pages/queries.html#field-graphs

Hmm I see, but I fail to understand how you managed to get the values from yesterday and the values from today on the same page. So right before you drag n’ drop them into one stacked graph.

Could you help me with that point? Then we might find a solution for that.

Ah, my bad, sorry for the confusion, I should have checked the details before posting.
Yes, for different time periods it won’t work, I mixed it up with another typical use case of mine - compare different requests (like different APIs) in the same time period.
So I create a graph for API1, create a graph for API2 and combine them using drag-n-drop, just as described in the link above.

Ah okay. That makes sense.

You could do that now in the new Dashboard.
Unfortunately not in the same widget. But you can create different widgets with different time ranges and queries in the same dashboard.

I hope this helps.

Hi @zoulja,

I created an issue for the legend problem: https://github.com/Graylog2/graylog2-server/issues/7391 feel free to add information if you think something is missing.

Best regards,
Konrad

@konrad, thanks again for your hard work on this :handshake:
3.2 seems to be too experimental and ‘cutting edge’ to me.
We will stay on 3.1 and wait for 3.3, hoping its usability will be on the same level as 3.1 (or even better, who knows!)


@zoulja sure thing, I can totally understand that. We will work on the improvements and will bring you a hopefully awesome 3.3.

To be complete I just want to mention something:
Soooooooo. I am sorry.
As it seems, I lost track of our features a bit. And not just me, but some other people as well.

We have something like Quick Values. It is the field action Aggregate: