Top message visualization - how to filter

brayndasilva · May 13, 2016, 7:20am

Hi,

I'm working with Syslog data from routers and switches and am trying to make a visualization that shows me what type of message is coming in the most. Like a top 5 message kind of thing so we can quickly see what we deal with the most.

When I try to make a pie chart and split it up based on the syslog_message field I get results, but they don't make sense.

This is what I end up with https://i.gyazo.com/e35a865117295121a3b0d4aaf1fdfea2.png

The message fields include the following which I want to sort it on "APPTRACK_SESSION_VOL_UPDATE", "APPTRACK_SESSION_CLOSE", "CHASSISD_IPC_UNEXPECTED_RECV" and a few more.

The message field is just a bunch of text, but how do I filter it out?

brayndasilva · May 13, 2016, 8:01am

http://pastebin.com/eJY1xfDp

This is what it looks like. What I want to do is make a visualisation that shows me what message I get the most. Some are unique and others aren't so is there a way to filter it in a way so it looks at the first few characters since that's all we need to determine what message it is.

brayndasilva · May 13, 2016, 10:52am

I had to use the .raw version of the field