Take Action Based on Last Received Event Time

What I’m hoping to do is create two things: an alert and a dashboard.

For the latter I already have a dashboard with each source and its last received event timestamp. What I’d like to do is highlight those timestamps based on how far back it was. For instance, any event older than 5 minutes is yellow, older than 10 is red, newer than 5 minutes is green. And then an alert for any source with greater than 10 minutes.

I’ve searched around and haven’t found much useful about doing “time math” in graylog. So I’m hoping someone has already tackled this and can guide me. Thank you.

Hey,

Not sure if Graylog is able to do that TBH.

Okay. If Graylog can’t do time math, what about this?

Can I take a stream, view it by latest event per source (device), and then output that number somewhere?

So let’s say I have a Beats stream with 10 servers feeding into it. Can I create a view or something that will show me the number of the last one received message per source.

Think of a dashboard widget of type Single Number. It is reading from that Server Stream. If everything is working as expected, that widget should display 10. If not, then I know something changed.

This is the dashboard widget that I have now:


I’d like to know if I can create a widget that would return a single number. In this case that number would be 6.

You can do a single number widget, have it use the aggregation cardinality of whatever field to group by source maybe (count distinct) and then limit the time search range for that widget to last 10 minutes etc.

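The two checks discussed in this thread (the per-source green/yellow/red staleness with the 5 and 10 minute thresholds, and the "single number" count of distinct sources seen in the last 10 minutes) written out as an added Python example; this is not part of the original thread or of Graylog, and the source names, timestamps and the fixed "now" are constructed sample data.

```python
from datetime import datetime, timezone

# Constructed sample events (hypothetical sources), as they might be
# exported from a Beats stream: one dict per message, UTC timestamps.
SAMPLE_EVENTS = [
    {"source": "web-01", "timestamp": "2024-01-01T11:40:00Z"},
    {"source": "web-01", "timestamp": "2024-01-01T11:58:00Z"},
    {"source": "web-02", "timestamp": "2024-01-01T11:53:00Z"},
    {"source": "db-01",  "timestamp": "2024-01-01T11:48:00Z"},
]
# Fixed reference time so the example is reproducible offline.
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def last_seen(events):
    """Latest event timestamp per source (what the existing dashboard shows)."""
    latest = {}
    for ev in events:
        ts = parse_ts(ev["timestamp"])
        if ev["source"] not in latest or ts > latest[ev["source"]]:
            latest[ev["source"]] = ts
    return latest

def colour(age_minutes, yellow_after=5, red_after=10):
    """Thresholds from the thread: >5 min yellow, >10 min red, else green."""
    if age_minutes > red_after:
        return "red"
    if age_minutes > yellow_after:
        return "yellow"
    return "green"

def source_status(events, now):
    """Map source -> (age in minutes, colour) for the dashboard highlighting."""
    return {
        src: ((now - ts).total_seconds() / 60, colour((now - ts).total_seconds() / 60))
        for src, ts in last_seen(events).items()
    }

def active_source_count(events, now, window_minutes=10):
    """The single-number widget: distinct sources with an event in the window."""
    return len({s for s, (age, _) in source_status(events, now).items()
                if age <= window_minutes})

def alert_sources(events, now):
    """Sources that would trigger the >10 minute alert."""
    return sorted(s for s, (_, c) in source_status(events, now).items() if c == "red")
```

With the sample data the widget value is 2 (web-01 and web-02), and db-01 is the only source in the red/alert state.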

That did it. Thanks.