Hi Casey, That doesn't look right, would you be so kind as to create an issue in our Github repository? Here's the link: https://github.com/Graylog2/graylog2-server
Thank you! Edmundo > On 08 Aug 2016, at 21:38, Casey Russell <casey....@gmail.com> wrote: > > Group, > > I'm using Graylog to parse logs from our Juniper SRX firewalls. Telling > the SRX's to log to the Graylog input in "structured log" format does a great > job of automatically capturing the fields without a lot of need for building > extractors. > > My question centers around the behavior of the "Quick Values" pie > graphs. When I analyze the flow logs from my firewall and build a graph of > opened sessions centered around "source_address" (source IP), I'll get a pie > graph and a data table (obviously). The problem is this. Often times, when > creating the query, there may be 100 or more unique values for > "source_address". > > When you create a "Quick Values" chart, the pie graph is built from the > numbers and percentages in the data table (maximum of 50 IPs). But the > percentages in the data table, are the percentages based on the entire query. > So you can end up with your top IP showing up as 18% in the data table, but > taking up roughly 70% of your pie graph. It's seriously distracting. Has > anyone hacked about a way to normalize this. Or build a query such that you > limit unique values in a field to the top x number of results? > > I've included an image, if the forum allows it. (you'll notice I anonymized > the first two octets of the IPs, don't let that throw you) > > -- > ***************************** > Casey Russell > http://www.caseyrussell.com > casey....@gmail.com > ***************************** > > -- > You received this message because you are subscribed to the Google Groups > "Graylog Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/graylog2/CAP2khRe_7%2BjGfB2AzctD%3DG-cRkfewGAkQE1EgpckV6p8-Sca%3Dg%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. > <Graph_discrepancy.PNG> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/B92E7F4C-DE52-4E93-B55D-378D52817B65%40graylog.com. For more options, visit https://groups.google.com/d/optout.
