May you please help me with this query/requirement?
I need to map all the topics that are publishing specific event messages. I am trying to filter the log messages by the event name… it works, but sadly returns > 50k messages, which is impossible for the mapping purpose. It occurs because most of them are from the same source… How can I filter these messages by event name and different sources? I am new to Graylog and I’ve read the doc, but none of my attempts have worked so far!
Welcome to the community, Marcelo! We’re glad you’re here!
I’m moving your post to our Daily Challenges where it’ll get more eyes on it.
You may be able to filter down your results by using pipeline functionality described in our documentation. Check out this page and let us know if it helps:
Hello and welcome
I’m using Graylog 4.0, Elasticsearch 7.10 and MongoDB 4.2, all on one virtual machine.
Using separate INPUTS for my devices: Linux machines, firewall, switches, and Windows.
Since you stated you want to filter out Event Names/sources, I’m assuming these are Windows devices.
One way would be to make an INPUT using GELF; this creates the fields needed to make rules for the STREAM. Here is an example below.
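The reply above refers to an example that is not reproduced here. What follows is an added example, written for this page and not taken from that reply or from the Graylog project, showing the shape of the answer the question needs: instead of pulling 50k raw messages, parse the GELF messages into the fields a GELF input creates and aggregate them by event and by source, so the result is a map of which sources publish which event. The GELF-to-field mapping (host to source, short_message to message, underscore-prefixed additional fields stripped of the underscore) is how Graylog's GELF input behaves; the field names EventID and Channel and the sample messages are constructed assumptions, not data from the thread.

```python
import json
from collections import Counter, defaultdict

# Constructed sample: GELF payloads as a Windows agent might send them to a
# Graylog GELF input. The field names EventID and Channel are assumptions;
# the GELF input creates a field for every underscore-prefixed key the
# sender includes, whatever it is called.
SAMPLE_GELF = [
    '{"version":"1.1","host":"dc01","short_message":"An account was successfully logged on","timestamp":1610000000,"level":6,"_EventID":4624,"_Channel":"Security"}',
    '{"version":"1.1","host":"dc01","short_message":"An account was successfully logged on","timestamp":1610000001,"level":6,"_EventID":4624,"_Channel":"Security"}',
    '{"version":"1.1","host":"fs02","short_message":"An account was successfully logged on","timestamp":1610000002,"level":6,"_EventID":4624,"_Channel":"Security"}',
    '{"version":"1.1","host":"ws17","short_message":"An account failed to log on","timestamp":1610000003,"level":4,"_EventID":4625,"_Channel":"Security"}',
    '{"version":"1.1","host":"dc01","short_message":"Special privileges assigned to new logon","timestamp":1610000004,"level":6,"_EventID":4672,"_Channel":"Security"}',
]


def gelf_to_fields(raw: str) -> dict:
    """Parse one GELF JSON payload into the flat field map Graylog stores.

    The GELF input maps `host` to `source` and `short_message` to `message`,
    and strips the leading underscore from additional fields. A payload
    without `host` or `short_message` is rejected, as a GELF input rejects
    malformed messages.
    """
    obj = json.loads(raw)
    if "short_message" not in obj or "host" not in obj:
        raise ValueError("not a valid GELF message: host and short_message are required")
    fields = {"source": obj["host"], "message": obj["short_message"]}
    for key, value in obj.items():
        if key.startswith("_") and len(key) > 1:
            fields[key[1:]] = value
        elif key in ("timestamp", "level"):
            fields[key] = value
    return fields


def sources_by_event(raw_messages, event_field="EventID"):
    """Build the map the question asks for: event value -> {source: count}.

    Messages without the event field are skipped rather than failing, since
    a mixed input (Linux, firewall, switches, Windows) will contain them.
    """
    mapping = defaultdict(Counter)
    for raw in raw_messages:
        fields = gelf_to_fields(raw)
        if event_field in fields:
            mapping[str(fields[event_field])][fields["source"]] += 1
    return {event: dict(counter) for event, counter in mapping.items()}


def sources_for_event(raw_messages, event_value, event_field="EventID"):
    """Distinct sources that emitted one event, most frequent first."""
    counts = sources_by_event(raw_messages, event_field).get(str(event_value), {})
    return sorted(counts, key=lambda s: (-counts[s], s))


if __name__ == "__main__":
    for event, per_source in sorted(sources_by_event(SAMPLE_GELF).items()):
        print(event, per_source)
    print("4624 sources:", sources_for_event(SAMPLE_GELF, 4624))
```

Run against a GELF export, `sources_for_event` collapses the thousands of repeats from one host into a single entry per source, which is the mapping the question is after. The same collapse can be done inside Graylog without exporting anything: search on the event field (for example `EventID:4624`, assuming that field name), then use "Show top values" on the `source` field in the sidebar to get a per-source count rather than the raw message list.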