Hi!

The query string we support is the one from Elasticsearch. Unfortunately, it 
does not support querying on aggregated values; it's very different to a 
database query language in that respect.
Splunk uses background searches and implements aggregation query functions 
on top of that. We do not support this feature yet, unfortunately.

However, if you want to see analytical functions of single fields returned 
in the result fields, we do have a way to show them.
In the sidebar on the left, for numerical fields, you can click the 'gear' 
icon and choose 'statistics'. That will display various statistical values, 
including the average/mean, std dev etc.

Best,
Kay

On Wednesday, May 21, 2014 11:07:57 AM UTC+2, coder4fun wrote:
>
> Hi,
> I am using a combination of Graylog and Elasticsearch as part of my 
> logging infrastructure. I can use a regex to search for messages. But I 
> cannot find a way to use eval functions. For example, I want to evaluate 
> the average of the response time (it is one of the fields) of the results I 
> get from the search. I used Splunk previously, wherein I used to pipe and 
> make an eval query which gives me a result. Is there such a mechanism in 
> Graylog, or is there a work-around with which I can achieve this?
>
> PS: I tried sending an alert based on the sum/average... but I cannot get 
> the exact value in the mail 
>
