Are we only able to search a stream? So if I want to search for a user’s activity do I already need to have a stream set up for that? Sorry for asking simple questions but I’m new to IT in general, new to log analysis and new to Graylog.
if you are admin user you have the ability to search over “all messages” without a stream.
Streams give you the ability to seperate data.
Maybe you read the Getting Started Guide of the Docs http://docs.graylog.org/en/2.4/pages/getting_started.html
That should answer some questions.
I’m being asked to check for malicious behavior from a user. If there wasn’t a stream set up will I be unable to search for it?
no - if you have the ability to access the data you can search for it.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.