Hi Aidan, I am curious - why do you need a stream per source / keyword combination? Could you outline what you want to achieve with that solution - perhaps you're just approaching the problem the wrong way? The only reason I can think of for doing what you have outlined is permissions (ie strict delegation of access based on source / keyword combinations) ... ?
---HenrikJ On 29. maj 2015 kl. 21.55.11 CEST, Aidan Venn <aidanv...@gmail.com> wrote:Hi Jochemb,They could be a thousand sources but I only want to Create and EDIT one set of related streams that are applied to the sources when edited. A one to many approach. ONE set of streams MANY source ip addresses.Stream set:stream 1-keyword:disconnectsteram 2-keyword:lossstream 3-keyword:failstream 4-keyword:errorsteram 5-keyword:connectstream 6-keyword:deauthenticatestream 7-keyword:reconnectsteram 8-keyword:failurestream 9-keyword:crashThese would then be applied to 1000+ sources. If I then need to make a change I only have to do it once.Thanks for taking an interest.Kind RegardsAidan VennOn Friday, May 29, 2015 at 1:27:01 PM UTC+1, Jochemb wrote:Make three streams:stream 1-keyword:disconnectsteram 2-keyword:lossstream 3-keyword:failWithout a source? Op donderdag 28 mei 2015 10:40:20 UTC+2 schreef Aidan Venn: Hi,Garylog NewbiePlease see picture attached.I have three streams matching a single source IP and warning keywords from logs:source IP: 192.168.0.1stream 1-keyword:disconnectsteram 2-keyword:lossstream 3-keyword:failI want to "group" these streams and apply to multiple (1000 +) source IP addresses to benefit future scalability and large scale administration. Basically for each source IP they will be three or more streams but I only have to configure/edit the group once.I don`t want to have 1000 devices then have to copy each stream and then change the source IP address match. 10 keyword stream x 1000 devices would then equal 10000 streams in total to configure and edit. This would be very time consuming. Especially if I had to make a change. One change to the group would apply to all. A one to many relationship. How can I do this?Perhaps my approach/idaea is incorrect so any recommendations would be great.Kind RegardsAidan Venn -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
