You can put querys to the dashbord, so I think it can help for you.
https://community.graylog.org/t/search-using-regex/4331/8
Or if you would like to do it at processing time, you can do it with pipelines. If your conditions are met you can put a net field on the message, and make a search for this field.
1 Like