Hi Jochemb, They could be a thousand sources but I only want to Create and EDIT one set of related streams that are applied to the sources when edited. A one to many approach. ONE set of streams MANY source ip addresses.
Stream set: stream 1-keyword:disconnect steram 2-keyword:loss stream 3-keyword:fail stream 4-keyword:error steram 5-keyword:connect stream 6-keyword:deauthenticate stream 7-keyword:reconnect steram 8-keyword:failure stream 9-keyword:crash These would then be applied to 1000+ sources. If I then need to make a change I only have to do it once. Thanks for taking an interest. Kind Regards Aidan Venn On Friday, May 29, 2015 at 1:27:01 PM UTC+1, Jochemb wrote: > > Make three streams: > > stream 1-keyword:disconnect > steram 2-keyword:loss > stream 3-keyword:fail > > Without a source? > > Op donderdag 28 mei 2015 10:40:20 UTC+2 schreef Aidan Venn: >> >> >> <https://lh3.googleusercontent.com/-VXS0tYSBx3Y/VWYbA0x3z0I/AAAAAAAADg8/7ZikVzm-U_U/s1600/Untitled.png> >> Hi, >> >> Garylog Newbie >> >> Please see picture attached. >> >> I have three streams matching a single source IP and warning keywords >> from logs: >> >> source IP: 192.168.0.1 >> >> stream 1-keyword:disconnect >> steram 2-keyword:loss >> stream 3-keyword:fail >> >> I want to "group" these streams and apply to multiple (1000 +) source IP >> addresses to benefit future scalability and large scale administration. >> Basically for each source IP they will be three or more streams but I only >> have to configure/edit the group once. >> >> I don`t want to have 1000 devices then have to copy each stream and then >> change the source IP address match. 10 keyword stream x 1000 devices would >> then equal 10000 streams in total to configure and edit. This would be very >> time consuming. Especially if I had to make a change. >> >> One change to the group would apply to all. A one to many relationship. >> How can I do this? >> >> Perhaps my approach/idaea is incorrect so any recommendations would be >> great. >> >> Kind Regards >> >> Aidan Venn >> > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
