Interesting idea! I don't think we have this on the roadmap yet. Care to create an issue for it?
Thanks, Kay On Friday, February 28, 2014 9:47:42 AM UTC+1, Dmitri Stoljarov wrote: > > Hi, > > Is there any plans to implement grouping of events by some unique > parameter? > > E.g. i have logs like this: > > 2014.02.28 10:02:10,215 +0200 [192.168.14.112] [86dkl389] > action:"something" > 2014.02.28 10:02:10,415 +0200 [192.168.14.112] [GdhNalvZ] action:"request" > 2014.02.28 10:02:11,526 +0200 [192.168.14.112] [GdhNalvZ] params1:"data 1" > 2014.02.28 10:02:11,637 +0200 [192.168.14.112] [GdhNalvZ] params2:"data 2" > 2014.02.28 10:02:12,748 +0200 [192.168.14.112] [GdhNalvZ] params3:"data 3" > 2014.02.28 10:02:13,115 +0200 [192.168.14.112] [A89023JK] action:"another" > > Idea is to extract keys (in my example it's a key after ip address), which > are unique and same for single request. Set some time limit like 3 seconds > or 2 minutes. And after limit time is reached - glue together all matched > events. > > Or may be there're some thoughts how to do it with drools? > > regards, > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
