Hey Guys
I have a short question regarding the search syntax: Is there a possibility to use the EQL-Pipe (source: xxx | XXX-searchterm | yyy-.searchterm) like in elastic EQL or Splunk?
I tried to google but it collates with the term pipeline of graylog. I imagine, that it can be used like in Elastic but didn’t found out how to use.
Thanks for a short hint!
Sincereley
Hello & Welcome @sphenixfire
I personall have not see a pipe in a pipeline from your demo but someone else might have.
This link does show some examples , there old but does give an idea
If you can give a example what your trying to achieve , we maybe able to help.
Dear gsmith
Thanks for the friendly welcome. Looking forward to join the community.
Thanks also for your input. Not sure if I onderstood right but I placed an exmaple below that discribed a simple query for looking for rdp bruteforce. It has been took from splunk but I think it would also be usable in elastic (EQL syntax reference | Elasticsearch Guide [8.2] | Elastic)
Is there a way to write the same syntax (preferable on multi lilne like the screen shot shows)? As I image, I could also make queries with ANDs but I would prefere the syntax below.
thanks in advance for your effots
Oh I see now
Please take a look here
This will show what is need when using a pipe \|\ in a search.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
