Search widget with different messages

lmrc · December 14, 2023, 2:53pm

Hello,

I am making a dashboard in which I want to include a widget with a message search represented in a bar chart.

I want to show the search count for three different messages and right now I have three different widgets, one for each message.

Can I show everything in a single widget? If I use for example “message:ssh OR message:login OR message:error” the count of all the messages that match is shown but I want to show it separately, one bar for “login”, another for “ssh” and another for " error", showing the different bars distinguished by colors and note it in the legend. Is this possible?

Thank you so much.

All the best.

faen · December 14, 2023, 3:48pm

I would think so if you group by message, add a count for message, and use the query to limit it to those specific messages.

Joel_Duffield · December 14, 2023, 11:29pm

So you should be able to do a group by and get this, however you cannot do an aggregation on the message field, if the data is in another field that should be fine, but the message field is a special field type.

faen · December 15, 2023, 4:23pm

Thanks for the clarification. I (perhaps wrongly) assumed that message was just a generic name and not the actual mesage field.

system · December 29, 2023, 4:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to disable the "Message Count" widget from the default view (unsaved search)? Graylog Central (peer support)	2	256	January 26, 2023
Problem with message count Graylog Central (peer support)	4	1333	May 22, 2020
Widget Querying (aggregation) with Python Miscellaneous python	2	863	September 26, 2022
Can't find Search Result widget Graylog Central (peer support)	8	1061	June 5, 2020
Configure Data Table Output Based on Contents of Last Message From Application Development dashboards	3	283	March 24, 2023

Search widget with different messages

Related Topics