Gotcha...I was hoping that some of the more complex searches that one can write
and save could simply be called and used by a stream
I'll dig into what pipelines can give me in that case
Thanks
Tp
--
You received this message because you are subscribed to the Google Groups
"Graylog Users"
Hi Tom,
On Tuesday, 24 January 2017 20:44:53 UTC+1, Tom Powers wrote:
>
> What is the syntax to use a saved search in a Stream? That is eluding me
> right now
>
I'm not sure we're talking about the same things. Saved searches are simply
stored search queries which can be loaded (not their
OhOK... so I have a couple ways to try out.
What is the syntax to use a saved search in a Stream? That is eluding me
right now
Thanks
TP
On Monday, January 23, 2017 at 5:37:17 PM UTC-6, Tom Powers wrote:
>
> OK...streams and alerts for them are very cool...but it seems I can do
> much
Hi Tom,
On Tuesday, 24 January 2017 16:30:50 UTC+1, Tom Powers wrote:
>
> So...if I am understanding you correctly, I can NOT call a saved search in
> a stream at all.
>
Sure, saved searches can also be used in streams (as they are simply that:
saved search queries).
So...Pipelines are the
Hi Tom,
On Tuesday, 24 January 2017 14:49:58 UTC+1, Tom Powers wrote:
>
> The rule only seems to give me the one category/operator/criteria choice
> per rule. So in the search abovewhat would the rule structure look like
> to get the same result?
>
You can use multiple rules per stream and
I may have the terms off here
In the stream rules, I can select a field...Event ID for exampleselect the
operatormatch exactly for example, and then the field of what I want it to
match...4688 for example
The rule only seems to give me the one category/operator/criteria choice per
Hi Tom,
On Tuesday, 24 January 2017 00:37:17 UTC+1, Tom Powers wrote:
>
> OK...streams and alerts for them are very cool...but it seems I can do
> much more in the search field than the stream field.
>
What exactly is the "stream field"?
The search bar in the Universal Search and in a stream
