For example we have following 4 messages and we want to get following stats: (type of error) (occurrences) IllegalStateException -- 2 NullPointerException -- 1 Failed to retrieve data -- 1
where sample messages are in log: 1) [03.01.2014 09:08:50.331] ERROR IllegalStateException occurred when processing request: [GET] /account getAttribute: Session already invalidated. Stacktrace follows: org.codehaus.groovy.grails.web.pages.exceptions.GroovyPagesException: Error processing GroovyPageView: Error executing tag <g:render>: Error executing tag <ab:initiate>: getAttribute: Session already invalidated 2) [03.01.2014 08:31:15.698] ERROR IllegalStateException occurred when processing request: [GET] /account getAttribute: Session already invalidated. Stacktrace follows: java.lang.IllegalStateException: getAttribute: Session already invalidated 3) [03.01.2014 08:24:26.413] ERROR NullPointerException occurred when processing request: [GET] /payment/236463 4) [03.01.2014 08:24:26.413] ERROR Failed to retrieve data Thank you, Ürgo On Thursday, 2 January 2014 22:50:25 UTC+2, lennart wrote: > > I think I may need a few example messages that you want to find and > group to fully understand your case. You can also contact me directly > if you feel uncomfortable sending this over the mailing list. > Anonymise parts of it if needed. > > On Tue, Dec 31, 2013 at 1:54 PM, Ürgo Ringo > <[email protected]<javascript:>> > wrote: > > Thank you for quick reply. > > > > However, in our case we are interested in getting the stats of all > errors. > > We don't know upfront what exactly they are but rather we need to group > > messages having similar beginning or something in the middle of the > message. > > Whole message may not be identical because it can contains some user > data or > > other context information which is different. > > > > Maybe it is somehow possible to set the event_type based on some content > > scanning algorithm? > > > > > > Thanks, > > Ürgo > > > > > > On Monday, December 30, 2013 11:41:51 PM UTC+2, lennart wrote: > >> > >> That is easy in Graylog2 v0.20.0. Actually there are several ways: > >> > >> * Search for all messages that start with "foo": foo* AND bar=baz - > >> Then use the number of found events (in the selected time frame). > >> * Do the same as above and add it to a dashboard as number widget. > >> * Probably the best way: Create a new stream and match all messages > >> that start with "foo" using a regular expression: ^foo.+ - You can now > >> see those messages with one click, use the stream result count on a > >> dashboard and even subscribe to the events or be alerted once a > >> certain level of events is reached. > >> > >> It is even easier if you can group the messages by a specific field. > >> Like event_type=foo > >> > >> Note that some of those features are only in the current development > >> branch and you may have to wait until the first week of January to > >> fully use them. > >> > >> Hope that helps! Let me know if you have any questions. > >> > >> Thanks, > >> Lennart > >> > >> On Mon, Dec 30, 2013 at 9:01 PM, Ürgo Ringo <[email protected]> > >> wrote: > >> > How easy is it to find out how many occurrences of errors are there > in > >> > given > >> > time period? > >> > So it should be somehow possible to group events with same message > text > >> > beginnings ignoring the timestamp and other request specific data. > >> > > >> > > >> > Thanks, > >> > Ürgo > >> > > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "graylog2" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to [email protected]. > >> > For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "graylog2" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
