Hello,
I begin on Graylog and I need help 
I would like to propose to my colleagues the logs that correspond to their project.
The project runs on different containers and it is easy to make the difference but how to create the associated rules?
Thx in advance
Jeremie
What exactly are you trying to accomplish?
You need to elaborate a little bit on what your goals are because that’s not clear to me from your first post.
the goal is to give a view to certain logs for a user group, these logs must contain only certain things, eg: only the logs of the container "test"
Thx
You can do that with Streams: http://docs.graylog.org/en/2.3/pages/streams.html
All you need is a field in the message which contains the container ID (or another unique value which can be mapped to the container or project).
I tried but I think I missing something.
In “All messages” I have this message and I need to create a Stream for “vision360”
I created this Stream rule
but I don’t have a messagein my stream 
Is there a field named “vision360” in your messages? I don’t see one in the example message you’ve posted.
no but i want to get all the logs from the vision360 containers
Then you either need to extract the string “vision360” into a custom message field or match another field in your stream rule.
Ok but how ?
I just want to have a logs of container_name vision360
If I were you, I’d probably split the container_name field on the - character, write the first result (e. g. “vision360_prod”) to a custom field (named “environment” or something like that), and match that in my stream rules.
ok, it’s working now but is it possible to have in a same rule few value, separate with “,” or “;” ?
No, that’s not possible. You need to create individual stream rules.
yes I thought well
in any case thank you very much for your availability
I would have more questions later
Sorry but I have just for the moment create a simple rule like that
It’s working but I have some case or is not
How you create custom field ?
You can use either extractors or the processing pipelines for this.
http://docs.graylog.org/en/2.3/pages/extractors.html
http://docs.graylog.org/en/2.3/pages/pipelines.html
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
