Can I write a query that will bring me logs with unique identifier (Graylog)? - uniqueidentifier

I just started working with graylog and I have some issues.
Can I write a query that will bring me logs with unique identifier?
For example, I have logs with op_id and loan_amt and I want to get the sum of loan_amt from all logs. Here comes the problem: some logs may share the same op_id and my sum will not be correct because it will add the loan_amt plenty of times from logs with the same op_id.
Can you help me, please?

If I understand correctly you will need to further narrow down your search criteria to filter out duplicate log entries.
You can use the GrayLog search query language to do this.
Try to find fields where duplicate logs differ from each other and then create a filter to exclude one from your results.
For example, something like this:
source:hostname.that.logs.loans_amt AND LoggerName:your.logger.that.logs.loan_amt
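When no field distinguishes the duplicate entries, the sum has to be de-duplicated after the search. The following is an added example, not code from the question or from Graylog: it takes exported search rows (constructed sample data in the shape of a Graylog export with the fields op_id and loan_amt selected), counts each op_id once, and also reports op_ids whose duplicates disagree on the amount, since those cannot be trusted either way.

```python
from collections import defaultdict

# Constructed sample: rows as exported from a Graylog search with the
# fields op_id and loan_amt selected. op-1001 is logged twice with the same
# amount, op-1003 twice with different amounts, and one row lacks op_id.
SAMPLE_MESSAGES = [
    {"timestamp": "2024-01-01T10:00:00.000Z", "op_id": "op-1001", "loan_amt": 1500.0},
    {"timestamp": "2024-01-01T10:00:01.000Z", "op_id": "op-1001", "loan_amt": 1500.0},
    {"timestamp": "2024-01-01T10:02:00.000Z", "op_id": "op-1002", "loan_amt": 250.0},
    {"timestamp": "2024-01-01T10:03:00.000Z", "op_id": "op-1003", "loan_amt": 980.0},
    {"timestamp": "2024-01-01T10:03:05.000Z", "op_id": "op-1003", "loan_amt": 990.0},
    {"timestamp": "2024-01-01T10:04:00.000Z", "op_id": None, "loan_amt": 100.0},
]


def naive_sum(messages):
    """The sum the question complains about: every row counted, duplicates included."""
    return sum(float(m["loan_amt"]) for m in messages if m.get("loan_amt") is not None)


def sum_unique_loans(messages):
    """Sum loan_amt once per op_id.

    Returns (total, duplicate_op_ids, conflicting_op_ids, skipped_rows) where
    conflicting_op_ids are op_ids whose duplicate rows carry different amounts
    and skipped_rows counts rows without an op_id or amount.
    """
    amounts = defaultdict(list)
    skipped = 0
    for m in messages:
        op_id, amt = m.get("op_id"), m.get("loan_amt")
        if op_id in (None, "") or amt is None:
            skipped += 1
            continue
        amounts[op_id].append(float(amt))

    total, duplicates, conflicting = 0.0, [], []
    for op_id, vals in amounts.items():
        if len(vals) > 1:
            duplicates.append(op_id)
            if len(set(vals)) > 1:
                conflicting.append(op_id)
        total += vals[0]  # first occurrence wins; conflicts are reported separately
    return total, sorted(duplicates), sorted(conflicting), skipped
```

Rows with a conflicting amount should be checked against the system of record before the total is relied on.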

Related

Search for a value in all fields while having an existing filter in Cloud Logging

I have the following filter in Cloud Logging that shows me all logs from a particular instance:
(resource.type="gce_instance" AND resource.labels.instance_id="***") OR (resource.type="global" AND jsonPayload.instance.id="***")
In this set, I want to search for a value in all fields. By looking at the documentation https://cloud.google.com/logging/docs/view/advanced-queries#searching-examples I found that I can write a simple word unicorn in the query fields and it will search in all fields. It works, but it searches in all my logs. But I want to search in the filtered logs set only, not across all logs in Cloud Logging. I want to get all rows containing the word failed and tried this:
((resource.type="gce_instance" AND resource.labels.instance_id="***") OR (resource.type="global" AND jsonPayload.instance.id="***")) and failed
But it doesn't work. How can I search in all fields while already having a filter?
Try running the query with the last part formatted this way:
((resource.type="gce_instance" AND resource.labels.instance_id="***") OR
(resource.type="global" AND jsonPayload.instance.id="***")) AND "failed"
Cheers,

Can't Visualize certain term in Kibana data table

I would like to list the count of a certain message / code in a Kibana data table. In the buckets section, I select aggregation as "Terms" and select the property I would like to count in "Field". It works fine for some terms but not the others.
It is okay for "fields.MemberType.raw"
No result found if I select "fields.RestApiRequestAndResponse.Response.Message".
I can find both fields in discover.
Have no idea why no result found ... Any idea, or how can I trace what happened? Thanks in advance
Finally found the cause of the issue... my colleague has updated the template of the log... the field "fields.RestApiRequestAndResponse.Response" has been mapped to "nested". :(
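A field under a "nested" object cannot be bucketed by a plain terms aggregation, and the classic Kibana data table has no nested support, which is why the bucket comes back empty. The following is an added example, not code from the question: it walks a constructed index mapping (the shape returned by GET /<index>/_mapping) to find a nested ancestor of a dotted field name, then builds the aggregation body that would work against Elasticsearch directly.

```python
# Constructed sample mapping in which fields.RestApiRequestAndResponse.Response
# is typed "nested", as in the question, while fields.MemberType.raw is a
# normal keyword multi-field.
SAMPLE_MAPPING = {
    "mappings": {
        "properties": {
            "fields": {
                "properties": {
                    "MemberType": {"type": "text", "fields": {"raw": {"type": "keyword"}}},
                    "RestApiRequestAndResponse": {
                        "properties": {
                            "Response": {
                                "type": "nested",
                                "properties": {"Message": {"type": "keyword"}},
                            }
                        }
                    },
                }
            }
        }
    }
}


def nested_path(mapping, field):
    """Return the innermost 'nested' ancestor of a dotted field name, or None."""
    node, found, parts = mapping["mappings"], None, field.split(".")
    for i, part in enumerate(parts):
        children = node.get("properties", {})
        if part not in children:
            children = node.get("fields", {})  # multi-field such as MemberType.raw
        if part not in children:
            raise ValueError(f"{field!r} is not in the mapping")
        node = children[part]
        if node.get("type") == "nested":
            found = ".".join(parts[: i + 1])
    return found


def terms_agg(mapping, field, size=10):
    """Build a terms aggregation, wrapped in a nested aggregation when the mapping requires it."""
    terms = {"terms": {"field": field, "size": size}}
    path = nested_path(mapping, field)
    if path is None:
        return {"size": 0, "aggs": {"by_value": terms}}
    return {"size": 0, "aggs": {"inside": {"nested": {"path": path}, "aggs": {"by_value": terms}}}}
```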

ElasticSearch: A way to know which term hit in which field?

There are use cases where I really would like to know which term was matched in which field by my search. With this information I would like to disclose to the user on my webpage which field caused the hit. I also would like to know the term playing a part in the hit. In my case it is a database identifier, so I would take the matched term (an ID), get the respective database record and display useful information to the user.
I currently know two ways: Highlighting and the explain API. However, the first requires stored values which seems unnecessary. The second is meant for debugging only and is rather expensive so I wouldn't want it to run with every query.
I don't know another way, which is confusing: the highlighting algorithms need the information I want to use anyway, so can't I just get it somehow?
On a related note, I would also be interested in the opposite case: Which term did not hit at all? This information would allow for features like "terms that didn't match your query" like Google does sometimes (where the respective words are shown in grey-strikeout).
Thanks for hints!

GSA report with 'Searches that returned results' and 'Searches that did not return results'

I am using GSA 7.2. In the GSA Search Report there are two report types:
Searches that returned results
Searches that did not return results
What is the difference between these types?
I tried last week's Search Report with both types, and I am getting a few of the same keywords and queries in both report types with different occurrence counts. Here my question is: if GSA is showing results for some keywords and queries then they should not show in the without-result type. Maybe my understanding is wrong, please correct me.
Thank you for your help
Looks like this issue has been there for a long time.
Check this out. Not sure whether it is fixed or not; better check with Google support.
BTW, do you have user-specific search (role-based search)? If so, just try to search using the same term for all users/roles and see if any user/role gets zero results.
When you run the reports, are you restricting the search to a specific collection and/or time range?
If you run a report for "All Collections" then you might see items show in both reports because users are searching against a collection that does not have the documents.
What you'd want to do is run a report for a single day. If you see the same behavior for a single collection then download the search logs for that day and look for searches for that key term and see if the search query parameters are the same. If they are different then there could be some malformed search queries being executed. If not then it could be a transient issue with the GSA.

SolrNet query filtered by specific field

I can't seem to find anything online that allows me to do this. Basically I'm doing a simple SolrQuery but I want to only get back results where a field is a specific value.
So to be more specific, I want to execute a Solr query where the field is either A or B or C. Is this possible?
I think I'm going to need to do a SolrQueryByField joined with a SolrMultipleFilterQuery but I'm not really sure how to go about doing this.
Can anyone help or point me in the right direction?
Add values to a List<ISolrQuery> OredData, e.g. OredData.Add(new SolrQueryByField("field", "A")), and add the rest of your choices, then pass it to SolrMultipleCriteriaQuery(OredData, "OR"), choosing "OR" as shown, then call your query passing SolrMultipleCriteriaQuery(OredData, "OR") to it.
Hope that I helped ;)
