Hi all -
Running Graylog 2.1.1 on centOS 7.
We noticed something with the search function today that didnt act like we
Sorry, this might be kind of difficult to explain.
Looking at Windows Event logs, we were looking at options for displaying
the top X number of "errors", "critical", etc. in a dashboard. Someone
suggested that rather than showing an event ID with X number of
occurrences, it might be more helpful to display the description instead.
In looking at an individual log entry, there is a "message" field that
contains an abbreviated description of "full_message". Thinking that might
be useful, we selected 'message' from the search criteria list and then
selected "Quick Values".
What we expected to see was a listing showing what was in the message field
(for example, "The processing of Group Policy failed" or "DCOM was unable
to communicate" and the like) and a count of the number of times it
occurred. What we got was a list of the individual words that were being
found in that field:
Is this the expected behavior for a search on this field?
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.