I am new to Graylog. I have installed and configured it successfully. I added 3 windows clients to monitor logs. I want to add customized field to my graylog. My requirements are…
- I need one folder in which same type ( for example failed login’s ) logs from all clients.
- I need 2nd folder in which only particular server logs will be displayed.
Please let me know if any other information is required from end.
Thank you in advance.
Welcome to the Logging world.
For your first issue, “adding a customized field” that depends more or less on what data you’re adding and under what circumstances. You will want to research Pipeline Rules.
The second part about ‘Folders’ will depend on how you want to see the information. If you want simple counts and trending graphs, create a dashboard. If you want all the log information in a certain way, create a view or save a search.
If something doesn’t work for you or you’re stuck, try to be a bit more specific in your information. Logging Windows, even failed logins can be pretty daunting. There are over 1000 event types in a default Windows 10 install
I tried using extractors and i got it now as per my requirement.
Thanks for the support.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.