Help Creating Stream

lissaware · March 26, 2019, 5:33pm

I’m trying to create a stream for this search query

identity:ams_production level: 3 AND message: 'AmsAusLiveToVodStatusShellJob Live To Vod Converting failed or deleted'

and for my stream rules I have the fallowing options;

* Field  *identity*  must match exactly  *ams_production*
* Field  *level*  must be smaller than  *3*
* Field  *message*  must not match exactly  *'AmsAusLiveToVodStatusShellJob Live To Vod Converting failed or deleted'*

The stream is not display any of the data from the original search query under the stream. What am I missing?

macko003 · March 26, 2019, 6:12pm

Do it one by one.
Do three stream for every rule, and you Will find the error.

lissaware · March 26, 2019, 6:32pm

I have tried and for whatever reason none of them are showing the correct rules.

jan · March 27, 2019, 7:13am

first it isn’t that nice to post the same question over different places …

(and not connect the posts to each other )

Your search in the first screenshot is not what you like to get into your stream. In addition you did not show the expanded message - so no idea if the messages have the fields or not.

Having a full sentence match like you have in your last rule is a bad idea, just for performance reasons. Every messages will run into this regex and will be checked on that.

system · April 10, 2019, 7:13am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Stream Rule *wildcard Graylog Central (peer support)	6	2350	July 3, 2018
Help with stream rule Graylog Central (peer support)	3	112	February 27, 2024
Create rules stream Graylog Central (peer support)	2	178	July 20, 2022
A few new user questions Graylog Central (peer support)	4	513	October 30, 2017
Rules for stream Graylog Central (peer support)	3	495	April 14, 2022

Help Creating Stream

Related Topics