1

I use Graylog 2.10.0 to collect the logs. I set a Grok pattern to parse my log, and one field is %{NUMBER:consume_time;int}ms,and it works well, I capture consume_time correctly, but when I try to use "statistics" function, it only show "Total" and "Cardinality", the other fields are marked as "NaN"。

And I also check the document type in ElasticSearch, it shows the type of "consume_time" is "long".

Anyone can tell me why?

mikeshi
  • 63
  • 1
  • 9
  • I'd recommend using one of the official support channels for Graylog to address a larger (specialized) audience: https://www.graylog.org/community-support – joschi Sep 02 '16 at 10:26

1 Answers1

3

It's possible that the consume_time field contained non-numeric values before (in older indices) and the time frame you've selected includes those values.

Try cycling indices (System → Indices → Maintenance) and only select a time frame including this new index to verify this guess.

joschi
  • 12,746
  • 4
  • 44
  • 50
  • It's right, I auto delete the index 3 hours ago, and now it works well, and I got all the results. – mikeshi Sep 03 '16 at 03:31