Hi all - Running Graylog 2.1.1 on centOS 7.
We noticed something with the search function today that didnt act like we expected. Sorry, this might be kind of difficult to explain. Looking at Windows Event logs, we were looking at options for displaying the top X number of "errors", "critical", etc. in a dashboard. Someone suggested that rather than showing an event ID with X number of occurrences, it might be more helpful to display the description instead. In looking at an individual log entry, there is a "message" field that contains an abbreviated description of "full_message". Thinking that might be useful, we selected 'message' from the search criteria list and then selected "Quick Values". What we expected to see was a listing showing what was in the message field (for example, "The processing of Group Policy failed" or "DCOM was unable to communicate" and the like) and a count of the number of times it occurred. What we got was a list of the individual words that were being found in that field: Is this the expected behavior for a search on this field? Thanks, Robin -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0368d2b3-bc27-4bf4-bfa7-9ac724fdd5cb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
