Thanks Henrik. Lol - I remember a crazy party with lots of crazy zabbix guys and lots of champagne!
I never found the ring and I am now on my forth in five years! regards On Monday, June 1, 2015 at 7:25:21 AM UTC+1, Henrik Johansen wrote: > > Exactly :) > > Also keep in mind that messages can exist in multiple > streams since it’s just a form of tagging and filtering. > > If you really, really need to use the approach you > outlined there a 2 options - one would be to vote for > the implementation of issues #381 and #382 another > would be to use the excellent REST API in Graylog > to manipulate the streams any way you would like. > > Btw Aidan - did you ever find the ring you lost at the > Zabbix Conference a few years back? > > — > HenrikJ > > On 31 May 2015, at 22:29, Brandon <bk...@alias454studios.com <javascript:>> > wrote: > > I can see the benefit of having a stream template feature but to repeat > what Henrik asked, why does each source need its own separate stream? Not > asking to deter your question, I'm trying to understand the use case. A > stream rule can be setup to find ALL messages that hit on the "disconnect" > keyword and route to a single stream. The "disconnect" stream would contain > messages from ALL sources that send in that message (source 1.1.1.1, > 1.1.1.2, 1.1.1.3 etc.). From within the stream, you can then use the quick > filters feature to find a list of all unique sources and add that to a > dashboard gadget. This can be repeated for the 10 different keywords and > then one only has to manage 10 streams instead of 10,000. > > Regards, > Brandon > > On 05/31/2015 11:00 AM, Aidan Venn wrote: > > Hi, > > its like having a template applied to sources. > > change the template changes all the related sources. > > Like in Zabbix. > > Kind Regards > > Aidan > > On Thursday, May 28, 2015 at 9:40:20 AM UTC+1, Aidan Venn wrote: >> >> >> <https://lh3.googleusercontent.com/-VXS0tYSBx3Y/VWYbA0x3z0I/AAAAAAAADg8/7ZikVzm-U_U/s1600/Untitled.png> >> Hi, >> >> Garylog Newbie >> >> Please see picture attached. >> >> I have three streams matching a single source IP and warning keywords >> from logs: >> >> source IP: 192.168.0.1 >> >> stream 1-keyword:disconnect >> steram 2-keyword:loss >> stream 3-keyword:fail >> >> I want to "group" these streams and apply to multiple (1000 +) source IP >> addresses to benefit future scalability and large scale administration. >> Basically for each source IP they will be three or more streams but I only >> have to configure/edit the group once. >> >> I don`t want to have 1000 devices then have to copy each stream and then >> change the source IP address match. 10 keyword stream x 1000 devices would >> then equal 10000 streams in total to configure and edit. This would be very >> time consuming. Especially if I had to make a change. >> >> One change to the group would apply to all. A one to many relationship. >> How can I do this? >> >> Perhaps my approach/idaea is incorrect so any recommendations would be >> great. >> >> Kind Regards >> >> Aidan Venn >> > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+u...@googlegroups.com <javascript:>. > For more options, visit https://groups.google.com/d/optout. > > > > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+u...@googlegroups.com <javascript:>. > For more options, visit https://groups.google.com/d/optout. > > > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
