Hello
I begin on graylog and I would like to create a Stream to filter projects with container_name
I alrealdy create Stream rule but the result is not complete or not 
I try to create custom field suggest by Jochen is this topic : How to create Stream Rule for containers
but I can’t do it.
If you have a time to explain me and try a true case…
thx in advance.
Jeremie
What did you do exactly?
What did you expect to happen?
What was the actual result?
Hi Jochen
I want to have a Stream by project and in this stream I want only logs about containers concerned.
Today I just create the stream rules like in previous topic.
I don’t understand the custom fields
What did you do so far?
I only do stream rules
Please elaborate on the details.
When I try to search in all messages stream with container_name:XXXX it’s ok but if I create a new stream with rule container_name contain XXXX it’s not ok (no logs)
Only new messages will be visible in the newly created stream. Existing messages won’t be part of the stream.
Yes I know but I tried to generate some logs after create new one but nothing
Maybe your stream rule didn’t match. Maybe the field you were referring to didn’t exist.
Hard to say with so little details…
An exemple with a project : proxy-parrainage
in all messages stream, if I try this search : container_name:proxy-parrainage*
maybe it did not work, because the field does not contain parrainage_* but would contain parrainage and you defined that both must match - rethink what you have configured.
I have 2 rules because I have 2 containers in my project : parrainage and proxy-parraiange
What @jan said in How to How you create custom field plus the stream rules don’t support wildcards (* and ?).
Ok I don’t know stream rules don’t support wildcard.
I fixed for proxy-parrainage and it’s working.
but for my rule “parrainage” I don’t have result
I found my error, by default streaml rules must match all of rules 
)
I changed it 
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
