
Dashboards in Graylog

Dashboards give you clear visualizations of your search query results for quick, high-level insights into issues.
To see available dashboards, you can simply click on the Dashboards button in the top row.

Visibility and ownership

Dashboards can be private or made available for others.
To change the visibility of a dashboard, you can click on the share button on the right.
Using the same button, the owner of the dashboard can give others the rights to only see the dashboard or to edit it too.

./shareing_dashboard.png

Pages

A dashboard can have more than one page.
In this example, we have two pages, SSH and Linux.

./pages.png

Aggregations

A Graylog aggregation is a collection of data that can be represented in different ways. Every page contains at least one aggregation.

./aggregation.png

  1. Name of the aggregation; it can be changed with a double click.
  2. Opens the search in a new tab with the aggregation’s filter applied, so you can continue investigating the content of the filter.
  3. Takes you to the edit page to edit the aggregation (see Create an aggregation).
  4. Drop-down menu with the options to delete, duplicate or move the aggregation to another page.
  5. Shows the time range of the data shown.

Create an aggregation

./create.png

You can create a new aggregation by clicking on the + symbol on the left bar.

./aggregation-example.png

  1. Name of the aggregation; it can be changed with a double click.

  2. The time period of the shown information. It can be in:

    • Relative (From 30 days until now).
    • Absolute (From 06.05.2022 until 06.06.2022).
    • Natural language (In the last month).
  3. Specify the stream from which to read the logs (you can select more than one stream at the same time).

  4. Here you can choose what information to display, what criteria to group it by, and whether to display some metrics such as the number of different values in a field. There are several ways to visualize the data.

When you are done, you can click Apply Changes to create the dashboard.
Tip: After every change, click on the green button to update the view.

Example of aggregations

  1. Message Table
    As the name implies, this aggregation is a table where data can be displayed in rows and columns (fields). It is a simple aggregation that doesn’t have as many options to customize as the others.
    Here you can choose which fields (columns) to show, and how to sort the generated rows. The only unusual option in this type of aggregation is “Decorators”, where you can modify messages shown in the search results on the fly. The changes won’t be stored though, only shown in the search results.