Search Field Defaults per stream or dashboard widget

https://github.com/Graylog2/graylog2-web-interface/issues/595

Would like to carry this over to here, I couldn't find any reference on this ideas site to default fields, or field defaults.

It becomes cumbersome real fast to have to select on the fields you need for each search.

This idea even works if you can append the field's you want to enable as part of the search query, that way I could at least copy and paste the wanted fields each time rather than having to tick each one each time.

  • Guest
  • Apr 4 2017
  • Attach files
  • Martin Balsby commented
    April 4, 2017 20:49

    It just needs to be included now

  • Billy Bryant commented
    April 4, 2017 20:49

    This is a must!  Can you implement this via a savable "Search View" that can then be called via the search query as a POST string? 

  • Martin Balsby commented
    April 4, 2017 20:49

    I always need:

    Timestamp       source               AccountName Channel             EventID             EventType                            SourceModuleName                 SourceName    string0               string1               string2

  • Andy Sites commented
    April 4, 2017 20:49

    2nd the savable search views.  I think we all want different fields depending on the source we are looking at.  I would love to have a default set of default fields for say switches, another for firewalls, servers, etc. that I could quickly switch between.

  • Javier Pineda commented
    April 4, 2017 20:49

    It's just ridiculous that graylog doesn't support this after so many years

  • Dan Bolsun commented
    April 4, 2017 20:49

    This feature will become very handy. Please implement it.

  • Jakob Englisch commented
    April 6, 2017 18:57

    need!

  • Derzkiy Murinator commented
    April 17, 2017 09:21

    I upvote this

  • Nick Robson commented
    September 18, 2017 10:05

    Hi this feature is essential for us to adopt Graylog, is there any news on it?

  • Michael Jepson commented
    September 21, 2017 08:04

    I would like to just change the default set of fields, so it includes the severity by default.

  • Narek Aramjan commented
    October 20, 2017 13:10

    This would be fantastic

  • Bronius Motekaitis commented
    December 4, 2017 16:34

    Also voting for configurable default fields to show. For me, I start at Apache logs, and always having http status, remote IP, and request are helpful.

    A workaround for anyone looking for this is used Saved Searches:

    1. Search for what you seek. Feel free to add static placeholders for easy replacement later (ie. "AND remoteIP:1.2.3.4")
    2. Set the fields you love to see for that kind of search
    3. Save the search

    Next time you need to view a given stream with those fields, start your search with your Saved Search!  Be sure to strip off the custom remoteIP or adjust it accordingly.  Just a tip. :)