In my Graylog filter I use: Type : THEAD AND Subtype:url AND (Action:alert OR Action:allow)

But I have too many URLs like:

So in Graylog I have 3 URLs instead of one!

So how can I use a filter to have only * for each URL?

Thank you.

How did you normalize your log messages? Maybe that can be optimized to better fit your use case.

Hello, thank you for your answer.
Maybe it can be optimized, but I'm not yet allowed to do it ^^

I just created a regex: [a-zA-Z-]{1,}\.[a-z]{2,3}(?:[$\s\/\\])
I did some tests on it and that looks good to begin with.

But how can I use it in my search bar?

Is it possible to do: Type:THEAD AND Subtype:url AND (Action:alert OR Action:allow) AND [a-zA-Z-]{1,}\.[a-z]{2,3}(?:[$\s\/\\])

Thank you.

Apparently there are quite some gotchas involved with regexp in Graylog / Elastic.
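
Added example, not part of any post in this thread: the regex posted above, run in Python over constructed URL values to show how it collapses several URLs to one key and which values it misses. It uses Python's `re` engine, not Graylog's search bar; the function names and sample URLs are assumptions made for illustration.

```python
import re
from collections import Counter

# Pattern exactly as posted in the thread (the form with the escaped dot).
POSTED = re.compile(r"[a-zA-Z-]{1,}\.[a-z]{2,3}(?:[$\s\/\\])")


def domain_key(url):
    """Return the 'name.tld' part the posted pattern finds, or None.

    The pattern ends with a character class, so it only matches when the
    domain is followed by '$' (a literal dollar sign inside a class),
    whitespace, '/' or a backslash. That trailing character is dropped here.
    """
    m = POSTED.search(url)
    if m is None:
        return None
    return m.group(0)[:-1]


def count_by_domain(urls):
    """Group URL field values by the key above, as a dashboard would."""
    return Counter(domain_key(u) or "(no match)" for u in urls)


# Constructed sample values for a "url" field (not taken from the thread).
SAMPLE_URLS = [
    "www.example.com/index.html",
    "shop.example.com/cart?id=1",
    "http://cdn.example.com/img/logo.png",
    "cdn.example.com",             # no path: nothing follows the TLD
    "portal.example.co.uk/login",  # two-label suffix
]

if __name__ == "__main__":
    for key, hits in count_by_domain(SAMPLE_URLS).most_common():
        print(f"{hits:3d}  {key}")
```

The bare host with no path is not matched, and the `.co.uk` value is keyed on its suffix only, so both cases need checking before grouping on this pattern.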

