Complete novice needs help with setting up filters / query

Neil · April 25, 2022, 10:12am

Hi

I am a complete novice when it comes to Graylog. I have just been given access to a dashboard and I want to set up filters / queries.

I have an idea what to do but need help with the language / syntax.

I need to create many filters with machines that use - in their names.

The machines are in OU’s on AD based on model and the asset tags we use in college. These OU’s can contain upto 20 machies

Eg
HP840-78260
HP840-78278

When it add the names into a filter the second part of the names is red

HP840 then red - and red number.

I need to create a filter like hp840-78260 OR hp840-78278 OR etc…for upto the 20 devices.

If i can get an example then I can just copy the filter and edit the machine names.

I hope i have explained myself enough…

Many thanks

Neil

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

tmacgbay · April 25, 2022, 1:20pm

When you are executing a search, special characters have to be escaped so searching for HP840-78260 would be HP840\-78260

I think that is what you are looking for… ?

system · May 9, 2022, 1:20pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filter Stream with wildcard Graylog Central (peer support)	2	237	December 16, 2023
Excluding Character when Searching Graylog Central (peer support)	2	713	February 25, 2019
Multiple filter in query Graylog Central (peer support)	2	5523	July 14, 2020
Problem with stream rules Graylog Central (peer support)	7	385	November 22, 2023
Search for dollar sign Graylog Central (peer support)	3	1324	January 31, 2018