Log message data aggregation has been expanded and improved for all Alert Logic® customers leveraging our log management service. You are now able to aggregate your log message data based on different tokens within the same hierarchy in order to generate a more helpful view of your information.
Note: This capability is available only in the improved log search, which is described in the Improved Log Message Search knowledge base article.
Log Message Aggregation
A new grouping mechanism, Group by Permuted, aggregates on the data and tokens that you specify. To use it, open the Log Search page from the Search tab of the Alert Logic console, select Group by Permuted, and then choose the tokens you want aggregated in the Namespace column.
Suppose you want to know about Unix sessions that were successfully opened for one user by another user (for example, through su or sudo). Without the improved aggregation, you can group by user, which gives you one group for each combination of users and the log messages associated with it. This shows you the individual occurrences of a user opening a Unix session for another user, but it does not show you the overall count of each user across those messages, or how many users in total took this action.
With the improved aggregation, you can use Group by Permuted on the user token. Instead of one group per combination, the user groups are broken down into a list of each individual user, with the count of every message in which that user appears, so you can see at a glance how many times each user opened a Unix session for another user and how many users did so.
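The following is an added example that is not part of the Alert Logic documentation or product code; it illustrates, in plain Python, the difference the passage above describes between grouping messages by their combination of user tokens and permuted grouping on the user token. The pam_unix-style log lines, the regular expression, and the function names are constructed for this illustration, and the permuted behaviour shown here (every user token in a message is counted toward that user's bucket, whatever position it occupies) is this example's reading of the feature, not a description of Alert Logic's implementation.

```python
"""Plain grouping versus permuted grouping over 'session opened' log lines."""
import re
from collections import Counter

# Constructed sample log lines in pam_unix style (syslog payload only,
# timestamps and hostnames omitted). Not real customer data.
SAMPLE_LOG_LINES = [
    "pam_unix(sudo:session): session opened for user root by alice(uid=1000)",
    "pam_unix(sudo:session): session opened for user root by bob(uid=1001)",
    "pam_unix(su:session): session opened for user postgres by alice(uid=1000)",
    "pam_unix(sudo:session): session opened for user root by alice(uid=1000)",
    "pam_unix(su:session): session opened for user bob by root(uid=0)",
    # Login session with no acting user: not a user-opened-for-another-user event.
    "pam_unix(sshd:session): session opened for user carol by (uid=0)",
    # Session close: ignored by the parser.
    "pam_unix(sudo:session): session closed for user root",
]

# Hypothetical parser for the constructed lines above. Both the target user and
# the acting user are "user" tokens; the actor group may be empty (e.g. sshd).
SESSION_OPEN_RE = re.compile(
    r"session opened for user (?P<target>\S+) by (?P<actor>[^(\s]*)\(uid=\d+\)"
)


def parse_session_open(line):
    """Return (target_user, acting_user) for a session opened by another user, else None."""
    m = SESSION_OPEN_RE.search(line)
    if not m or not m.group("actor"):
        return None
    return m.group("target"), m.group("actor")


def group_by_user_pair(lines):
    """Plain grouping: one bucket per distinct (target, actor) combination."""
    return Counter(pair for pair in map(parse_session_open, lines) if pair)


def group_by_user_permuted(lines):
    """Permuted grouping: each user token in a message counts toward that user's
    bucket, whether the user is the target of the session or the one opening it."""
    counts = Counter()
    for pair in map(parse_session_open, lines):
        if pair:
            counts.update(pair)  # counts both elements of the tuple
    return counts


def users_who_opened_for_others(lines):
    """Distinct acting users, answering 'how many users took this action?'."""
    return sorted({pair[1] for pair in map(parse_session_open, lines) if pair})


if __name__ == "__main__":
    print("Group by user combination:")
    for (target, actor), n in group_by_user_pair(SAMPLE_LOG_LINES).most_common():
        print(f"  {actor} -> {target}: {n}")
    print("Group by Permuted on user:")
    for user, n in group_by_user_permuted(SAMPLE_LOG_LINES).most_common():
        print(f"  {user}: {n}")
    print("Users who opened a session for another user:",
          users_who_opened_for_others(SAMPLE_LOG_LINES))
```

Running the block lists four (actor, target) combinations under plain grouping, while the permuted view collapses them into one line per user (root appears four times, alice three, bob twice, postgres once) and reports that three distinct users opened a session for someone else. Note that the permuted count is a count of token occurrences, not of messages: a message contributes to two user buckets, so the permuted totals sum to twice the number of matching events.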