Comparing Streams

GTownson · May 24, 2017, 4:08pm

Hi everyone.
I was just wondering if there is a way to compare field values in two different streams.
For context I have firewall logs coming in and am filtering all denied connections into a stream as they are mostly port scanning, I would like to filter all the other messages from the firewall logs into a stream. I would then like to see if any of the denied IPs have been accepted and this would allow me to see where these port scanning IPs have been allowed access into the network. I would then also be able to look at IIS logs to see any other actions these IPs have been taking.

Thankyou in advance.

George

derPhlipsi · May 24, 2017, 7:59pm

Hey @GTownson,

Have a look at @billmurrin’s slookup plugin. This should help you if I understood your question correctly

Greetings - Phil

GTownson · May 26, 2017, 9:32am

Hey @derPhlipsi

Thankyou for the suggestion, I will get around to looking into it and give you an update on whether it solved my problem

G

system · June 9, 2017, 9:33am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Value comparision from different messages Graylog Central (peer support) key_value	3	758	April 29, 2022
Graylog comparison of two fields Graylog Central (peer support)	2	979	December 8, 2020
Same field answer Graylog Central (peer support)	8	233	February 16, 2023
Stream has been disabled due to excessive processing time Graylog Central (peer support)	5	1485	September 28, 2017
Help needed with combination and filtering fields Graylog Central (peer support)	13	2510	September 28, 2017

Comparing Streams

Related Topics