Speed while trying to quantify log volumes

Follow
Avatar
Colin Field

I'm trying to count log volumes by day ... I believe one of my subsystems has gone a little nuts.

This query is taking forever.  Is there a better way to graph the volume change over a ~2 week period?

 

_collector = 327531-web1.oilandgasjobsearch.com | timeslice by 1d | count by _timeslice

1

Comments

2 comments

Sort by Date Votes
  • Avatar
    Ben Newton

    Colin,

    That query will be pretty slow. The best thing to do is set up a dashboard tracking messages by collector. Something like: 

    * | timeslice 1d | count by _collector, _timeslice | transpose row _timeslice column _collector

     

    In the longer term, we will have an option to funnel usage back into your account to let you do this more easily.

    0
    Comment actions Permalink
  • Avatar
    Christian

    also, we are in the final stages of preparing for release functionality that will push statistics on the number and size of messages as "logs" back into your account for further analysis. this will be by collector, source, source category, source name, and source host. we will then also work on supplying some content for you to use (searches, dashboards).

    in the meantime, Ben's suggestion is the best way to approach this manually. but i should also point out that we do have the status page, under the manage top level menu - if you are looking for volume by collector, this should help you as well.

     

    chr.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post