Hello.
What is the best pratices for index and streams usage?
My general questions is:
The flexibility is what it makes complicated. Maybe our reworked getting started guide can help you a little: http://docs.graylog.org/en/2.4/pages/getting_started.html
But the way you work and configure your setup is primary based on your usecase. You do not have “one way” to solve.
Fine, will read it a bit more the getting started 
About pipeline x stream rules, its OK use stream rule instead pipeline? I read some users talking that pipeline is more recommended.
it depends how you have your processing order ( System > Configuration) if that makes sense or not.
You can’t use stream rules you create in processing pipelines when the order of processing have the pipelines after the message filter chain - but you should have the processing pipelines after the message filter chain to have the streamrules already finished.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
