Yes, nice looking one.
But let’s be honest - it requires many more clicks than before.
Maybe some day there will be some shorthand or ‘quick action’ to automate all those clicks.
That would be really nice, since this is one of the most frequently used/typical use cases in our setup.
Just for better understanding: we have a few configured dashboards, but for daily analysis we usually don’t need to make some chart persistent and add it to a dashboard. “We see an abnormal peak of requests? Check Quick Values by request URL. OK, probably it’s a brute force attack or a client bug. Now check Quick Values by source IPs. Hmm. OK. Check Quick Values by User-Agent. OK, now it’s clear, thanks to the Graylog team for such a great product.”
You see, we created 3 pies in 1 minute and got the result. Each of the pies was needed only for 20 seconds.
In 3.2 it’s much more complicated.
Of course, in some cases more complicated analysis will be required, and it would be worth spending time configuring and storing multiple graphs.
I can’t find one thing: the resolution of the histogram. How can I solve it?
OK, I did some research again (based on your animated pictures), and I found it. Could you hide it better? 1 click to 7 clicks.
//I also miss the quick values feature (OK, I understand…)
But it is a good place to write it down.
I also miss the tabs on the old view. It was good: we created tabs for different systems’ devices, we created rights for the view (shared it), and the colleague just opened the view and could change the system. (OK, now we can create saved searches, but I can’t set rights on them (or I just haven’t found it), and it’s 3 clicks, not one…)
I also miss the source menu item! We have a lot of problems with out-of-management devices, and sometimes they start to generate a lot of logs. In this case it was a good starting point to find the device with problems and analyze the problem. I think a dashboard could fix my wish. But again, more and more clicks.
So unfortunately I also think 3.1 was better in end user experience.
BUT I also have to say, the aggregation options are almost limitless in 3.2, so I think if I try to go beyond this unlike/unknown/weird interface it will help a lot in analyzing the data.
Thanks a lot for your input. It will help us make the next release better. The 3.3 release is (besides missing features) also aimed at improving the usability, and I hope we can address all your issues.
Just wanted to mention I’m also rolling back due to the UI change in 3.2. In addition to being significantly more clicks to get to quick values, it is also a lot more clicks to add a field to the search results table. With the old UI it was a single click to check the box in the list of fields on the left hand side. With the new UI I first need to find a message that contains the field (which might not even be on the first page of results), then expand the message, then expand the dropdown beside the field, then finally click add to table. So it went from 1 click to 4+.
It seems like overall the new UI is very tailored to building powerful dashboards, but investigating one-off events has become very tedious.
Hi,
We’re thinking about rollback too, cause we’re missing quick values and the fields list.
How can I save a widget on the search page? I created a couple of them, but they disappear when I leave that page.
What you refer to as “quick values” is now called aggregate - so that is not gone. To save the widgets on the search page, you need to save the search so that it is saved:
I know it’s not gone, but accessing it is more complicated than before. Also the fields list on the left was very handy.
So there is no way to attach custom widgets to the main search screen? I understand saving a search, but I’d like to have them always there like the message count. I’m asking cause we have many users and I’m trying to make the UI as friendly as possible for them.
@danielp I am sorry to hear that you miss automatically saving your widgets in the browser storage, but we think saving queries together with the widgets is helping more people in the long run.
In a future version we plan to make your default search configurable.
Thanks Konrad!
Actually it’s both, the fields list and the easy access to quick values. As I wrote, we’ve got many people using Graylog occasionally and for them it was much easier to navigate in the previous UI version.
Customizing the default search page would be a big improvement for us.
Best,
Daniel
Not trying to blame you, just sharing real-life experience:
In my case we tried to live in the new reality and tried to adopt the new UI (I really wanted users to learn some new tricks) for about 3 weeks, but it was really painful.
Today I can confirm a successful rollback is possible (even replacing the repo took me some time to debug).
I just want to agree, the loss of quick values is significant in our daily workflow. Several core components seem to have been hidden behind “more clicks” now.
You will have to restore MongoDB from backup and reinstall Graylog. No simpler way.
In my case I fortunately had a backup (usually I didn’t do it, because multiple previous upgrades had no issues) and was able to work around the package manager, so I didn’t have to edit config files again.
I just want to have it clear. Since I mentioned already that “Quick Values” is now found under “Aggregate” (which we will rename to “Top values” or similar):
Do you miss having the table together with the pie chart, do you miss accessing it without an extra click over the field list, or what exactly is the problem?
Since QuickValues is not really gone I need to know what is missing when you write: