Help Creating Stream

lissaware · March 26, 2019, 5:33pm

I’m trying to create a stream for this search query

identity:ams_production level: 3 AND message: 'AmsAusLiveToVodStatusShellJob Live To Vod Converting failed or deleted'

and for my stream rules I have the fallowing options;

* Field  *identity*  must match exactly  *ams_production*
* Field  *level*  must be smaller than  *3*
* Field  *message*  must not match exactly  *'AmsAusLiveToVodStatusShellJob Live To Vod Converting failed or deleted'*

The stream is not display any of the data from the original search query under the stream. What am I missing?

macko003 · March 26, 2019, 6:12pm

Do it one by one.
Do three stream for every rule, and you Will find the error.

lissaware · March 26, 2019, 6:32pm

I have tried and for whatever reason none of them are showing the correct rules.

jan · March 27, 2019, 7:13am

first it isn’t that nice to post the same question over different places …

(and not connect the posts to each other )

Your search in the first screenshot is not what you like to get into your stream. In addition you did not show the expanded message - so no idea if the messages have the fields or not.

Having a full sentence match like you have in your last rule is a bad idea, just for performance reasons. Every messages will run into this regex and will be checked on that.

Topic		Replies	Views
How to How you create custom field Graylog Central (peer support)	16	4887	December 18, 2017
GrayLog boolean stream rule doesn't seem to filter correctly Graylog Central (peer support)	3	399	March 1, 2021
Stream not getting messages Graylog Central (peer support) pipeline-rules	4	3388	March 15, 2019
Stream message do not show Graylog Central (peer support) route-to-streampl	6	662	July 15, 2022
Test Against Stream ALL GREEN but message not routed in stream Graylog Central (peer support) pipeline-rules , route-to-streampl	3	685	June 2, 2018

Help Creating Stream

Related topics