Complex searching with subquery-functionality?

ancutici · April 24, 2017, 8:12am

Hi there,

i have two sources/streams and i wonder, if it’s possible to search similar to sql-Subqueries.

For example:
One source/stream comes from a reverse proxy and contains prevented attack attempts. The other source/stream are apache-accesslogs. Now I would like to see all apache-requests of the attackers, which could not be prevented.

In mysql it would be something like that:
select * from sourceA where sourceA.IP in (select IP from sourceB)

Or if i separated the messages by source:
select * from streamA where streamA.IP in (select IP from streamB)

The (fantasy) search-syntax could be something like that:
source:apache.accesslog AND IP:(IP[source:attackers])
source:apache.accesslog AND IP:(IP[stream:12312388])

Is there something like that in graylog?

Thanks, Michael.

jochen · April 24, 2017, 8:38am

No, that’s not possible.

ancutici · April 24, 2017, 8:53am

thank you for this clear answer. Then it’s not necessary to research further.

Topic		Replies	Views
Help with search logic for complex query Graylog Central (peer support)	5	1045	June 30, 2020
Multiple filter in query Graylog Central (peer support)	2	5516	July 14, 2020
Combine/merge two queries Graylog Central (peer support)	5	2889	March 9, 2020
Subnet Search Query Graylog Central (peer support)	20	12996	December 11, 2017
Searching via regular expression. Possible? Graylog Central (peer support)	4	33417	August 1, 2018

Complex searching with subquery-functionality?

Related Topics