Sort additional metrics when sort timestamp is enabled not working

I’m exporting NetFlow v9 from pfSense to Graylog through the softflowd package. Everything is working but the sort option.

I’m trying to get the last hour TOP Talkers summary (sum of nf_bytes).
This will allow me to check who is the TOP Talker in that given hour and show the respective peer.

If I use sort options such as timestamp descending and nf_bytes descending at the same time, the second one doesn’t work… I have to use one or the other, but not both at the same time.

System: Raspberry Pi 4B, Ubuntu 20.04.6 LTS 64-bit, running: Graylog 5.0.6 | MongoDB 6.0.5 | Elasticsearch 7.10.2

Mixing timestamp and MB (nf_bytes) sort options:
image
As you can see above, timestamp is working but the second sort MB (nf_bytes) is not.
Based on my testing, only the first sort option chosen works and the second one is ignored.

I tried to pin the columns, I tried to remove the widget and recreate it again, I even cleared the Elasticsearch database, but nothing seems to work…

I wonder if I’m doing something wrong, or if this is perhaps a bug in the sort option.

Any tips to make this work?
Thanks

For what it’s worth, I’m able to replicate this behavior myself. I also notice that I cannot actually choose more than 1 sort field when editing the widget:

image

IMO the UX suggests you can sort by more than 1 field. I opened this as an issue: Cannot sort data table widget with more than 1 field · Issue #15391 · Graylog2/graylog2-server · GitHub


Speaking to our developers, multi sorts are only possible when sorting metrics. Today I learned!

image

Multi-sort for fields is not currently supported.


Thank you @drewmmiranda
Also learned today :)

I’ll have to limit the widget to show the last hour only; that would “solve” the issue.
In case it proves necessary to search a specific hour, I would just need to open the widget and set the timeline accordingly.
