Hi, Is there any plans to implement grouping of events by some unique parameter?
E.g. i have logs like this: 2014.02.28 10:02:10,215 +0200 [192.168.14.112] [86dkl389] action:"something" 2014.02.28 10:02:10,415 +0200 [192.168.14.112] [GdhNalvZ] action:"request" 2014.02.28 10:02:11,526 +0200 [192.168.14.112] [GdhNalvZ] params1:"data 1" 2014.02.28 10:02:11,637 +0200 [192.168.14.112] [GdhNalvZ] params2:"data 2" 2014.02.28 10:02:12,748 +0200 [192.168.14.112] [GdhNalvZ] params3:"data 3" 2014.02.28 10:02:13,115 +0200 [192.168.14.112] [A89023JK] action:"another" Idea is to extract keys (in my example it's a key after ip address), which are unique and same for single request. Set some time limit like 3 seconds or 2 minutes. And after limit time is reached - glue together all matched events. Or may be there're some thoughts how to do it with drools? regards, -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
