Search widget with different messages

lmrc · December 14, 2023, 2:53pm

Hello,

I am making a dashboard in which I want to include a widget with a message search represented in a bar chart.

I want to show the search count for three different messages and right now I have three different widgets, one for each message.

Can I show everything in a single widget? If I use for example “message:ssh OR message:login OR message:error” the count of all the messages that match is shown but I want to show it separately, one bar for “login”, another for “ssh” and another for " error", showing the different bars distinguished by colors and note it in the legend. Is this possible?

Thank you so much.

All the best.

faen · December 14, 2023, 3:48pm

I would think so if you group by message, add a count for message, and use the query to limit it to those specific messages.

Joel_Duffield · December 14, 2023, 11:29pm

So you should be able to do a group by and get this, however you cannot do an aggregation on the message field, if the data is in another field that should be fine, but the message field is a special field type.

faen · December 15, 2023, 4:23pm

Thanks for the clarification. I (perhaps wrongly) assumed that message was just a generic name and not the actual mesage field.

Topic		Replies	Views
Message grouping Graylog Central (peer support)	2	1449	November 7, 2018
Problem with message count Graylog Central (peer support)	4	1489	May 22, 2020
Total message count not visible after upgrade Graylog Central (peer support)	3	3270	September 30, 2020
Is it possible to disable the "Message Count" widget from the default view (unsaved search)? Graylog Central (peer support)	2	361	January 26, 2023
Display most frequently occurring messages Graylog Central (peer support)	3	993	November 3, 2021

Search widget with different messages

Related topics