Or if you have multiple message like this: Actionnum 0 Content_Length 1436 Content_Type application/x-compress Destination_IP 104.96.91.41 facility local4 level 4 message 1467954342 1 10.244.130.157 104.96.91.41 application/x-compress 10.244.130.157 http://update.nai.com/Products/CommonUpdater/Current/BOCVSE__1000/DAT/0000/PkgCatalog.z 1436 BYF ALLOWED CLEAN 2 1 0 0 0 (-) 0 Computing/Technology 0 - 0 update.nai.com Computing/Technology [n600456] update.nai.com - - 0 source FW Source_IP 10.244.130.157 timestamp 2016-07-08T05:33:22.441Z Url http://update.nai.com/Products/CommonUpdater/Current/BOCVSE__1000/DAT/0000/PkgCatalog.z Url_Cat Computing/Technology User [n600456]
I would like to see a Graph of the Top 10 User with the most (Total Content_Length) To see the Top 10 Users which creates the most traffic. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/cb59fea3-f680-4dad-b5b5-2b3daa0588d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
