When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
Currently there are only a few time ranges possible: 5 minutes, 1h, 1d, 2d and custom. With custom it is only possible to define a fixed range. It would be nice to have a greater range of options. I love how Graylog is managing that. You can, for instance, define "Since Midnight" and then get all messages... well, you guessed it... since midnight. Or "Last Week", Today, Last Month ... you get it. For starting it would be ...
Query lists can get quite large with dozens or hundreds of items inside. Allow the user to sort the query list by result. E.g. if a query returns "Has Results" show them on top. This makes it easier to focus on the relevant results. In addition the title bar of a query list shall display the number of queries. Once the user has executed them (green play button), also display the number of queries with "Has Results".
I was working on making a presentation of different values, and it struck me that it was exposing a lot of different values. In one place I got a count, and in another place I had MB, while on the next one there were bytes. In making comparative dashboards there should be the ability to use a math factor for either multiplying or dividing the number you have, so you can alter the exposed value to the desired result set.
We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.
It would be really nice to have geographic pinning similar to a lot of firewall tools & SIEM systems, where each outgoing IP address is pinned to a global map to have an overview of where the traffic is going.
Queries can be defined in the Log Insight UI in many places, such as Dashboards or Saved Queries or Alerts or even the Share shorturl. It is difficult to translate these queries to the format necessary for the Query API.
Provide an API to execute a pre-existing UI-authored Query by its persistent name/id.
Could be used when constructing a custom portal or when emailing a dashboard snapshot.
Log Insight's Query API allows the expression of an arbitrary query directly. But Log Insight's UI also allows authorship of queries -- alerts, dashboards, saved queries and even share urls all fundamentally refer to a query Log Insight knows about.
Expose a query API endpoint which performs a query based on the name/id of a specific saved construct, without the API client needing to recreate the underlying query.
We need to have a feature where we can assign SI units to the numeric values parsed using the logs by writing a filter.
Say I am retrieving logs to parse the time taken or memory consumed in the logs. We should have capabilities to add SI units like sec, minutes, Bytes, KB etc.