Hi Graylog team,
Is there any plan to have a Splunk-like DSL in addition to the traditional Lucene search?
A common use case when we search data on any Log Analytics platform is chaining multiple tasks.
Example:
Stream "IIS Logs" | limit 1000 | group_by SiteName | summarise count = n() | order_by count desc
The above pseudo search gets data from a stream, filters the first 1000 documents, groups by SiteName, calculates the count for each group and then orders by Count in descending order.
I am not sure if something like this is already coming in the future.
If not, can we expect something like this in Graylog2?
Thanks