Feature Requests

Should be able to delete content from Content Packs section

When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.

Submitted by (@mfriedri)

5 votes

Feature Requests

Additional time ranges

Currently only a few time ranges are possible: 5 minutes, 1h, 1d, 2d and custom. With custom it is only possible to define a fixed range. It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then get all messages... well, you guessed it... since midnight. Or "Last Week", Today, Last Month ... you get it. For starting it would be ...

Submitted by (@rockaut)

2 votes

General Log Insight Q&A

Trend - misleading icon

Hi

Please see the attached screendump. The trend chart is showing a downwards trend. When I hover the mouse over the icon it shows that there is no difference in past and present trend/the trend is so small that there is little to no difference in the trend.

This is misleading in the sense that the trend is almost non-existent.

Submitted by (@ryom.michaelgmail.com1)

2 votes

Feature Requests

Improvement to query lists

Query lists can get quite large with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results" show them on top. This makes it easier to focus on the relevant results. In addition, the title bar of a query list shall display the number of queries. Once the user has executed them (green play button), also display the number of queries with "Has Results". ...

Submitted by (@v9bvohzrgzdeogn5)

3 votes

Feature Requests

More advanced query DSL

I want to be able to make more advanced (PIQL?) queries to LI. For example:

1. Apply functions (i.e. regex, arithmetic, logic, type conversion) on one or more existing fields, i.e.
   a. sum: fieldA + fieldB
   b. fieldA OR fieldB
   c. REGEX(fieldA, pattern)
   d. CAST('10.2' AS DECIMAL)
   e. CAST(SUBSTRING(fieldA, 0,10) AS DATETIME)
2. Create custom fields:
   a. DATE() AS today
   b. expressionA - expressionB ...

Submitted by (@pbalinov)

3 votes

Feature Requests

Enhance filtering options for data sets

Would be great if we could use the same filters as in "interactive analytics" for "new data set". At the moment there are just a few fields available. For example, we would like to create a data set for some users so that they can only see events where the "text" field matches a regex query or certain words, or e.g. the "event_type" field is a certain type. Custom extracted fields are also not available for data set filters. ...

Submitted by (@mkaufmann)

3 votes

Feature Requests

Add condition to query

We would like to add some conditions on the query. Today we have our monitoring which is working with codes as "200" to "399". So our probes are switching codes all the time, sometimes with very little time between changes. The aim of this feature request is to provide a way to display events according to some conditions like:

- if my field A contains "200"
- if in the following 30 minutes, the field A is switching ...

Submitted by (@antoine.ruelle)

2 votes

Feature Requests

Enrich log records

We would like to be able to enrich log records with info from external sources (add custom tags for incoming/existing logs based on a query to an external service) like vROPS does.

Use cases:

a. Query GeoIP Web Service for IP’s location

b. Query CMDB via HTTP/LDAP for additional information (e.g. customer name, related services, server role, environment ….)

Submitted by (@maksym.bashkirov)

1 vote