I had a few ideas for how Graylog2 could support the user even more in finding relevant log messages.
Both of them are described below.
This would be a dotgraph which displays the relative amount of log messages occurring in a given timespan. Here is an example of this kind of graph, which is called a dotgraph as far as I know. GitHub also uses them to display repository activity.
Besides a default variant with sane defaults, the following options would be useful:
- start for time interval
- end for time interval
- interval for each dot. Examples: 1 Day, 1 Week, 1 Hour, etc.
When browsing log messages there could be an indicator displaying whether the log message occurred somewhere earlier or not. It would be possible to get this data by analyzing x log messages around this point in time backwards by good intervals (hours, days, weeks, etc.).
There are several options to realize that in the interface.
I don't really know how unique/similar log messages of different kinds of systems are. Possibly there are not many log messages that are exactly identical, so that might not work so well. A workaround could be to ignore numbers or other apparently dynamic things when analyzing the log messages.
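
A sketch of the "occurred earlier" indicator with the number-masking workaround, added here as an example and not part of the original post or of Graylog2's code. The names `fingerprint`, `seen_before`, the masked token types and the sample messages are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Tokens treated as "dynamic" and masked before comparing messages.
# Which tokens to mask is an assumption of this sketch; order matters (IPs before digits).
DYNAMIC = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\d+"), "<n>"),
]

# Backward-looking windows, smallest first.
LOOKBACK = [
    ("hour", timedelta(hours=1)),
    ("day", timedelta(days=1)),
    ("week", timedelta(weeks=1)),
]

def fingerprint(message):
    """Mask dynamic tokens so messages that differ only in them compare equal."""
    for pattern, placeholder in DYNAMIC:
        message = pattern.sub(placeholder, message)
    return " ".join(message.lower().split())

def seen_before(history, when, message):
    """Return the smallest window holding an earlier similar message,
    "older" if the last one predates every window, or None if never seen."""
    target = fingerprint(message)
    earlier = [ts for ts, msg in history if ts < when and fingerprint(msg) == target]
    if not earlier:
        return None
    age = when - max(earlier)
    for label, span in LOOKBACK:
        if age <= span:
            return label
    return "older"

# Constructed sample data, not real Graylog2 output.
NOW = datetime(2012, 3, 10, 12, 0, 0)
HISTORY = [
    (NOW - timedelta(minutes=20), "Failed password for root from 10.0.0.5 port 40211"),
    (NOW - timedelta(days=3), "Disk /dev/sda1 usage at 91%"),
    (NOW - timedelta(days=30), "Out of memory: killed process 4312"),
]

if __name__ == "__main__":
    for msg in ("Failed password for root from 192.168.1.9 port 51877",
                "Disk /dev/sda1 usage at 97%", "Segfault in worker 7"):
        print(seen_before(HISTORY, NOW, msg), "<-", msg)
```

A message with no earlier match after masking returns `None`, which is the case an analyst browsing the stream would most want highlighted as new.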