In LEQL (InsightOps/LogEntries), how do I filter on a calculated result that follows a groupby... so something like where(x) groupby(id) calculate(count) *HAVING(count>1)*. The "HAVING(count>1)" is what I need to do. Thanks.
Posted by Joshua Smith about a month ago
I am trying to set up a side-by-side comparison with our current logging solution. I am unable to update log4net to the latest version (2.0.8) without breaking our current solution. This page https://docs.logentries.com/docs/log4net has slightly different instructions from this page https://insightops.help.rapid7.com/docs/log4net. If I use the R7Insight.Log4net then logging to Insight Ops works but breaks our current solution; using logentries.log4net does not work for Insight Ops but our current solution does work. The R7Insights package requires log4net 2.0.8. Is there a way to use the logentries.log4net package to send logs to Insight Ops?
Posted by Nathanael Ness 2 months ago
I have a log message like this:
```
01 Jul 2019 04:18:51.88001 Jul 2019 04:18:51.8924 +00:00 Level=Info Logger=MyFunction Message=Time elapsed per listing (ms): 195. elapsedTimeSyncer=195
```
I want to graph 'elapsedTimeSyncer' over time. But looking at the queries docs (https://insightops.help.rapid7.com/docs/log-search), it appears we can only do calcs on the matches for a given search? What I'm trying to do is graph the elapsed time for my function over time, which is the value here. Any ideas?
Posted by Ryan Miranda 3 months ago
We want to display an InsightOps dashboard on a TV in our office so that we can all see at a glance some key performance indicators in the system. Obviously I have created the necessary dashboard, but find that it logs itself out at intervals and then when we log back in, then the tool has reverted to top level needing 2-3 clicks to get the dashboard up again. Not really what we want. Is there a way to keep it logged in for longer so that we don't have to keep manually bringing it back?
Posted by Simon Bramwell 3 months ago
I've got a chart with a query along the lines of...
```
where(hostname = "someservername" AND method = GET) calculate(count)
```
The chart renders just fine but has a weird name like: "Some Server Name GET". If the name is longer due to the query then I'll lose information in the chart legend which is counterproductive. Can I provide some label or name for a field on a chart to make it more meaningful and useful?
Posted by Mike Hall 4 months ago
Maybe there is a really simple way to do this and I have just missed it, but is there a way to edit the legend and not have it just be the query used for the graphing? Functionally it can be a bit difficult for other users to determine which visualizations represent what.
Posted by Andre McLean 4 months ago
No matter what I do, or which browsers I try, the button for "download certificate" in InsightOps to set up a Syslog trust for a firewall does not work. The button does not react, and I cannot download the cert. Where else can I get it? Unencrypted logging is not an option.
Posted by Tyler Kerr about a year ago
Hi, I'm not a programmer, I don't understand what a JSON is, nor do I know the first thing about what an API does or how to use or configure one. I hope to change that someday, but for now I just want to import txt files from different devices on a network and have a program sort each entry of each txt by time so I can see log events of all devices in order by time. Is that possible with your system, and if so, how can I do this? If this isn't what your program was designed to do, could you be so kind as to point me in the right direction? I appreciate your help. Kind Regards, Stuart
Posted by Stuart Knight about a year ago