In this Graylog feature video, we’re going over Views, a feature that enhances your ability to quickly search for info and analyze data more efficiently.
USING THE GRAYLOG VIEWS FEATURE
Click on your “Enterprise” menu on your navbar, and then on the “Views” tab to open a new window. Here you will find a nicely populated list of pre-built Views, and an aptly-named green button to create a new one.
Let’s start by clicking on one of the pre-built ones, DNS: overview, to quickly understand how it works. In this View, we can find the last one day of logs, and a few widgets showing additional data such as the DNS servers in use, the amount of bytes used, and the most commonly requested domains.
CREATING A NEW VIEWS
If you want to create your own View, go back to the previous menu, and click on the green button we saw before (“Create a new view”). The first thing to do is to set the time range of when this dashboard View is going to look at (for example, the last hour). You can also choose to restrict the data sets from which the information is drawn (in this case, just DNS requests).
ADDING AND EDITING WIDGETS
After setting these two parameters, you can add some widgets inside the dashboard, such as the geolocalization of the countries that requested a DNS server. Just narrow down your search by typing in your filter the Fields section, and aggregate the data to create a new widget. Double-clicking on the title will allow you to change it with a new one that’s more to your liking. You can also drag and drop widgets around the screen so you can reposition them in the dashboard.
By clicking on the “Edit” button inside each widget, you can open a new window where you can find more configuration options. For example, you can limit the number of entries shown inside the widget, or sort them in ascending rather than descending order. By clicking on the filter icon on the top right corner of the screen, you can also filter out words that you don’t want inside the widget. When you’re done, just click on “Finish Editing.”
As soon as you finished adding and editing widgets, you can save your Views dashboard by clicking on the “Views Actions” blue button on the top right corner, and selecting “Save as.” This way you can share this Views with anybody else.
That’s all you need to know for the Graylog Views feature. Happy logging!