I guess that is what is confusing. I see some references in posts and GitHub change posts that mention calling saved searches in a stream.

For example: https://groups.google.com/forum/#!topic/graylog2/7uHfdWJIeGg

So...if I am understanding you correctly, I can NOT call a saved search in a stream at all. So...Pipelines are the answer and not streams in this case?

Thanks

TP

On Monday, January 23, 2017 at 5:37:17 PM UTC-6, Tom Powers wrote:
> OK...streams and alerts for them are very cool...but it seems I can do
> much more in the search field than the stream field.
>
> For Example if I want (EventID:4688 AND ((cscript OR wscript))) the
> search is pretty straightforward
>
> How can I do that in a Stream? If I set the EventID field AND Cscript
> match (with 2 rules), then how do I get the OR wscript match?
>
> Seems like it's almost there...but just not quite. The Search works
> great, but if I want to alert off this, then I'm forced into 2 streams?
> EventID:4688 AND cscript and the Other EventID:4688 AND wscript ....this
> would seem cumbersome at best
>
> Where am I going off the rails here?
>
> Thanks
>
> TP
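
The search from the quoted message, written as a single Graylog pipeline rule. This is an added example, not part of the original thread. It assumes the process command line is in the `message` field and that the pipeline is connected to a stream receiving the Windows events; the rule title and target stream name are hypothetical.

```graylog
rule "process creation by cscript or wscript"
when
  // EventID:4688 AND (cscript OR wscript), combined in one condition
  has_field("EventID") &&
  to_string($message.EventID) == "4688" &&
  (
    // third argument true = case-insensitive substring match
    // assumption: the command line text is in the "message" field
    contains(to_string($message.message), "cscript", true) ||
    contains(to_string($message.message), "wscript", true)
  )
then
  // hypothetical stream name; the stream must already exist
  route_to_stream(name: "Script host process creation");
end
```

An alert condition attached to the target stream then fires on the combined match, so a single stream covers both script hosts.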