Show Messages in (new) Sidecar Overview

In the (new) sidecar Overview you see the button “Show received messages” next to a Sidecar (let's say System1). If I click on this I get no messages.
But if I search for messages with source:system1 I get all the messages I would expect.

What am I doing wrong here?
Graylog is 3.0.1
ES is 6.7.1
System1 is Windows 7 with winlogbeat enabled.

Ok, I found out:
The button creates the search query:
But there is no field gl2_source_collector.
The name of the field with this value is winlogbeat_gl2_source_collector

Thanks in advance,


You see this because you have not checked the following in the new beats input:


The link in the button assumes that the field gl2_source_collector is given; as you do not have that, it does not work. You could correct that field name with a processing pipeline or tick the option above on the input.

Hello Jan,

thanks a lot. This is the solution!


