Just out of interest I have created a report that groups by user_id and aggregates the data volume (Bytes Sent) from our IIS logs that are fed into Graylog. Only took a few minutes...
<https://lh3.googleusercontent.com/-JGgisxEMAdA/V9HwX8QTTqI/AAAAAAAAC4A/ss2mTsvtpSMAnm6eCl-o2MUa7RvvKkFcQCLcB/s1600/2016-09-09%2B09_12_07-Visualize%2B-%2BKibana.png>

On Friday, 9 September 2016 08:59:44 UTC+10, Michael Anthon wrote:
>
> I'm not sure if this can be done with graylog directly but if you install
> Kibana somewhere and point it at your graylog elasticsearch instance you
> can do some pretty amazing aggregations and reports. The visualisation
> feature in Kibana is fantastic for this kind of thing
>
> On Friday, 9 September 2016 03:17:15 UTC+10, Daniel Reif wrote:
>>
>> Hello,
>> I managed to get the logs coming from the squid using drools and sending
>> logs through graylog-sidecar. The output was as the image below:
>>
>> As you can see I created the _size field, is there any way to add the
>> values of this field?
>>
>> My idea is to show how much each user consumed
>>
>> Tks
>>
>> Daniel William Reif
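As an added example (not code from any poster in this thread), the per-user total discussed above corresponds to an Elasticsearch terms aggregation with a sum sub-aggregation. The field names `user_id` and `_size` are taken from the thread and are assumptions about the index mapping; the sample documents are constructed, and the local function only mirrors the shape of the buckets such a query returns.

```python
import json
from collections import defaultdict

# Constructed sample documents; field names follow the thread (assumptions).
SAMPLE_DOCS = [
    {"user_id": "alice", "_size": 4512},
    {"user_id": "bob", "_size": 1200},
    {"user_id": "alice", "_size": 20480},
    {"user_id": "carol"},                 # no size recorded
    {"user_id": "bob", "_size": 300},
    {"_size": 999},                       # request with no user attached
]

def build_usage_query(user_field="user_id", size_field="_size", top_n=10):
    """Search body: one bucket per user, bytes summed in each bucket."""
    return {
        "size": 0,  # aggregation results only, no individual hits
        "aggs": {"per_user": {
            "terms": {"field": user_field, "size": top_n,
                      "order": {"total_bytes": "desc"}},
            # sum needs size_field mapped as a numeric type
            "aggs": {"total_bytes": {"sum": {"field": size_field}}},
        }},
    }

def aggregate_locally(docs, user_field="user_id", size_field="_size", top_n=10):
    """Compute the same buckets in plain Python to show the result shape."""
    counts, totals = defaultdict(int), defaultdict(float)
    for doc in docs:
        user = doc.get(user_field)
        if user is None:
            continue  # documents without the user field get no bucket
        counts[user] += 1
        size = doc.get(size_field)
        if isinstance(size, (int, float)):
            totals[user] += size
    ranked = sorted(counts, key=lambda u: (-totals[u], u))[:top_n]
    return [{"key": u, "doc_count": counts[u],
             "total_bytes": {"value": totals[u]}} for u in ranked]

if __name__ == "__main__":
    print(json.dumps(build_usage_query(), indent=2))
    for bucket in aggregate_locally(SAMPLE_DOCS):
        print(bucket["key"], bucket["doc_count"], bucket["total_bytes"]["value"])
```
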
