I have message logs stored on 2 indexes with prefix graylog & critial_alarms
- critial_alarms is for critical detections stream.
- graylog is “All messages” stream.
the search is showing duplication of logs…
how can we exclude index critial_alarms* from “All messages” search? (critial_alarms_1,critial_alarms_2,critial_alarms_3…)
!_index:critial_alarms_2is working fine while !index:critial_alarms* is not…
When you’re creating a stream, check the box to remove matches from “All Messages” stream
you can also edit your existing stream and check that box. Beware though, this will not go and remove messages that are already in the stream… just any moving forward from now on.
Thank you for the info,but acctually we need to have all messages in one place and we are using the other streams for alerts filtering.
so the main debugging stream is the “All messages”…
Not sure what version of Graylog you are using, so this may be different for you, but in 3.2.4 (latest current version) you can filter your search results by selecting the stream/s you want to search.
If you have your streams going to their own indices, then filtering the stream will in effect filter the index. If the streams are sharing an index, then you won’t be able to filter the index
or perhaps I’m still misunderstanding.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.