Hello !
I’ve just upgraded my 4.3 graylog server to 5.0 and I was intrigued by the new filters functionnality presented in this KB : Adding a Search Filter
When connecting to the updated server the first time, I was able to see the new Filters menu and its icons. But I’m not sure what I’ve done, but it’s not visible anymore, and I can’t find any setting to bring it back to my GUI.
I see in the KB that you can view the configured filters from the Enterprise > My Search Filters menu. I assume thus that it’s not a feature available for Graylog Open ?
Yes, it is only available in the commercial version of Graylog. I have asked the docs team to add the banner to the top of the documentation page for it that calls out that fact. Sorry for the confusion.
Hey @gsmith ! I was reffering to the new filters feature available since v5.0. You can read about them in the docs Adding a Search Filter. It’s not a saved search.
But indeed, I’m running the Open installation, thus I cannot use this functionnality. @Joel_Duffield thank you for your answer
@gsmith , filters are a new feature. They are essentially snippets of search queries that can be applied inline to your searches. The idea is that you can include frequently used query strings into otherwise free-form queries. For example, you are looking at particular events in the web server logs, but you want to exclude the dev environment, which are included by default. The filter might read:
AND NOT source_ip:10.10.10.*
which would represent the dev environment’s subnet, thus excluding those systems from the query.
That’s just one example. It could be any portion of a query that you use frequently. You could even stack them if it makes sense. It gives you a convenient way to store and access them for daily use.
