Does Graylog have a possibility to combine two search queries, i.e. to use the outcome of one search as parameter input for another query (like an SQL join)?
Use case:
I have a search facility: xxx AND “error-text”
Using correlation IDs found in this first search I can do another search query to find related messages (one by one). Can I use the outcome of the first query as input to the second?
I would like to create a CSV export afterwards for easy analysis.
Thanks
No, there is nothing like a join in Graylog. Can you try to explain a bit differently what you are trying to achieve? Perhaps there is another way of doing this?
With your query you find messages which have an ID. And now you want to find messages with this ID?
Why not just search for the ID? What does the join have to do with it?
I want to search related messages, but not for one ID (that can be done manually), but for multiple IDs that have been found in the other search message. So this is where the join comes in.
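
Since Graylog has no join, one way to chain the two searches is to export the first result as CSV and build the follow-up query from the IDs it contains. The script below is an added example, not part of the thread or of Graylog itself; the `correlation_id` field name, the CSV columns, the sample rows and the batch size are assumptions.

```python
import csv
import io


def quote_term(value):
    """Quote a value as an exact phrase; inside quotes only \\ and " need escaping."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def correlation_ids(csv_text, field="correlation_id"):
    """Return unique, non-empty IDs from a CSV export, in first-seen order."""
    seen = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = (row.get(field) or "").strip()
        if value:
            seen.setdefault(value, None)
    return list(seen)


def follow_up_queries(ids, field="correlation_id", batch_size=500):
    """Build one field:(a OR b ...) query per batch of IDs.

    Batching keeps each query string at a manageable size (batch_size is an
    assumed value; tune it for your deployment).
    """
    queries = []
    for start in range(0, len(ids), batch_size):
        terms = " OR ".join(quote_term(v) for v in ids[start:start + batch_size])
        queries.append(f"{field}:({terms})")
    return queries


# Constructed sample standing in for the CSV export of the first search
# (xxx AND "error-text"); the column names are assumptions.
SAMPLE_EXPORT = '''\
timestamp,source,correlation_id,message
2024-01-01T10:00:00Z,app1,abc-123,error-text in handler
2024-01-01T10:00:05Z,app1,abc-123,error-text retry
2024-01-01T10:01:00Z,app2,req:77/9,error-text timeout
2024-01-01T10:02:00Z,app2,,error-text without id
'''

if __name__ == "__main__":
    # Paste each printed query into the search bar, then export that result as CSV.
    for query in follow_up_queries(correlation_ids(SAMPLE_EXPORT)):
        print(query)
```
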