Doing a dashboard search

I’m relatively new to Graylog and would appreciate guidance on performing a targeted search within a dashboard. Specifically, I’m interested in filtering messages based on the following criteria:

  1. Source: Messages originating from ‘Blackbox’
  2. Message content: Anything relevant to ‘blackbox Hostd’

Additionally, I’ve successfully set up a pipeline rule to prevent logs related to certain strings from entering the system.

Could someone guide me on creating a search query or filter within Graylog to isolate messages originating from ‘Blackbox’ and containing ‘blackbox Hostd’ in the message content?

Query syntax is based on the underlying engine: Elastic or OpenSearch.

Here are some examples for ES that might be helpful:

OS also supports a SQL-style query syntax:

https://go2docs.graylog.org/5-0/making_sense_of_your_log_data/writing_search_queries.html?tocpath=Searching%20Your%20Log%20Data|_____1
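An added example, not part of the thread and not Graylog's own code: a small Python helper that builds the query the question asks for, `source:Blackbox AND message:"blackbox Hostd"`, and escapes the characters the query syntax treats as operators so that hostnames or strings taken from other tools are matched literally. The helper names are hypothetical, the values come from the question, and the field-name check is a deliberately conservative assumption.

```python
import re

# Characters the Graylog (Lucene-style) query syntax treats as operators
# when they appear in an unquoted term.
_SPECIAL = re.compile(r'([&|:\\/+\-!(){}\[\]^"~*?])')
_OPERATORS = {"AND", "OR", "NOT"}


def term(value: str) -> str:
    """Backslash-escape a bare term so operators in it match literally."""
    return _SPECIAL.sub(r"\\\1", value)


def phrase(value: str) -> str:
    """Quote a value as a phrase; inside quotes only \\ and " are escaped."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def field(name: str, value: str) -> str:
    """Render name:value, quoting when the value has spaces or is an operator word."""
    if not re.fullmatch(r"\w+", name):  # assumption: plain field names only
        raise ValueError(f"unexpected field name: {name!r}")
    if not value.strip():
        raise ValueError("empty search value")
    needs_quotes = re.search(r"\s", value) or value in _OPERATORS
    return f"{name}:{phrase(value) if needs_quotes else term(value)}"


def dashboard_query(source: str, text: str) -> str:
    """Messages from one source whose message field contains the given text."""
    return " AND ".join([field("source", source), field("message", text)])


if __name__ == "__main__":
    # Values from the question above.
    print(dashboard_query("Blackbox", "blackbox Hostd"))
    # Constructed sample: a source name containing operator characters.
    print(dashboard_query("esx-01:443", 'Hostd "warning"'))
```

The printed string can be pasted into the search bar of a dashboard or saved search; the boolean operators must stay in upper case.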
