Open
Description
These 3 types of rules now use the Graylog built-in "Filter & Aggregation".
To improve maintenance and ergonomics, it would be nice to merge these types.
By default only current COUNT fields would be presented.
The mathematical function would be count() by default, but the user could choose others like average() or max(), but with these last functions the user should choose a field.
Multiple mathematical functions could be used in the same rule.
Finally the user could optionally choose Group by Fields.
(The current Distinct by Field could be removed as it could be done by the card() function)