Comparing Streams

GTownson · May 24, 2017, 4:08pm

Hi everyone.
I was just wondering if there is a way to compare field values in two different streams.
For context I have firewall logs coming in and am filtering all denied connections into a stream as they are mostly port scanning, I would like to filter all the other messages from the firewall logs into a stream. I would then like to see if any of the denied IPs have been accepted and this would allow me to see where these port scanning IPs have been allowed access into the network. I would then also be able to look at IIS logs to see any other actions these IPs have been taking.

Thankyou in advance.

George

derPhlipsi · May 24, 2017, 7:59pm

Hey @GTownson,

Have a look at @billmurrin’s slookup plugin. This should help you if I understood your question correctly

Greetings - Phil

GTownson · May 26, 2017, 9:32am

Hey @derPhlipsi

Thankyou for the suggestion, I will get around to looking into it and give you an update on whether it solved my problem

G

system · June 9, 2017, 9:33am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to compare field from one stream with other? Graylog Central (peer support)	2	581	January 30, 2019
Value comparision from different messages Graylog Central (peer support) key_value	3	899	April 29, 2022
Drop All messags except matching and help on slookup function Graylog Central (peer support)	8	523	April 2, 2019
[Graylog 3.3] List of fields Graylog Central (peer support)	1	329	July 4, 2020
Extracting fields from Two different stream & Combine them Graylog Central (peer support)	5	897	March 14, 2019

Comparing Streams

Related topics