Assign a Default Message Table Configuration Per Stream
What?
When you select a single stream from the main search page or the Streams web page, you should be able to have a user-configured default message table that loads, which has configured fields relevant to that log type. Either as a new type of saved information on the Stream or linking a stream to a specific saved search, maybe?
For example, I can create and assign a message table config on a Cisco Umbrella DNS stream that by default has various fields added to the table such as the query request, the response status, associated user etc.
Unsure how it would work with multiple streams selected in the search pane, maybe it reverts back to the default timestamp, source and message preview when multiple are selected.
Why?
With the existence of saved searches, this is not a huge issue, as it's only a couple of extra steps to load in a saved search; however, it would be nice to assign that saved search or some variant of it as the default view that loads when you open a stream.
Your Environment
- Graylog Version: 5.0.6
- Elasticsearch Version: 2.3
- MongoDB Version: 5
- Operating System: Ubuntu 2204
- Browser version: Edge 114
Refs Graylog2/graylog-plugin-enterprise#181.
It would add to the discoverability of the features for less technical users. Seeing that some additional values exist beyond timestamp, source, and message could trigger writing more informed search queries.
With more and more of our logs coming in as structured data, the message field is now pretty sparse. Of course there is far more functionality in being able to query individual fields, but if users don't easily understand that the fields are even there, they tend to give up early.
Also, this should be configurable as a global default even if not in a specific stream or saved search.