Hi Brandon,
I see now what you and Henrik mean. That’s a far more suitable solution and one I will start to have a look at. My original approach / mind-set wasn`t correct. Thanks for yours and Henriks help. I`ve been playing with graylog for about 10 days on and off now and loving it! Kind Regards Aidan Venn On Thursday, May 28, 2015 at 9:40:20 AM UTC+1, Aidan Venn wrote: > > > <https://lh3.googleusercontent.com/-VXS0tYSBx3Y/VWYbA0x3z0I/AAAAAAAADg8/7ZikVzm-U_U/s1600/Untitled.png> > Hi, > > Garylog Newbie > > Please see picture attached. > > I have three streams matching a single source IP and warning keywords from > logs: > > source IP: 192.168.0.1 > > stream 1-keyword:disconnect > steram 2-keyword:loss > stream 3-keyword:fail > > I want to "group" these streams and apply to multiple (1000 +) source IP > addresses to benefit future scalability and large scale administration. > Basically for each source IP they will be three or more streams but I only > have to configure/edit the group once. > > I don`t want to have 1000 devices then have to copy each stream and then > change the source IP address match. 10 keyword stream x 1000 devices would > then equal 10000 streams in total to configure and edit. This would be very > time consuming. Especially if I had to make a change. > > One change to the group would apply to all. A one to many relationship. > How can I do this? > > Perhaps my approach/idaea is incorrect so any recommendations would be > great. > > Kind Regards > > Aidan Venn > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.