How to How you create custom field

Jeremie · December 1, 2017, 10:07am

Hello

I begin on graylog and I would like to create a Stream to filter projects with container_name

I alrealdy create Stream rule but the result is not complete or not
I try to create custom field suggest by Jochen is this topic : How to create Stream Rule for containers
but I can’t do it.
If you have a time to explain me and try a true case…
thx in advance.
Jeremie

jochen · December 1, 2017, 10:08am

What did you do exactly?
What did you expect to happen?
What was the actual result?

Jeremie · December 1, 2017, 10:12am

Hi Jochen
I want to have a Stream by project and in this stream I want only logs about containers concerned.
Today I just create the stream rules like in previous topic.
I don’t understand the custom fields

jochen · December 1, 2017, 11:03am

What did you do so far?

Jeremie · December 1, 2017, 11:17am

I only do stream rules

jochen · December 1, 2017, 11:58am

Please elaborate on the details.

Jeremie · December 1, 2017, 11:59am

When I try to search in all messages stream with container_name:XXXX it’s ok but if I create a new stream with rule container_name contain XXXX it’s not ok (no logs)

jochen · December 1, 2017, 12:23pm

Only new messages will be visible in the newly created stream. Existing messages won’t be part of the stream.

Jeremie · December 1, 2017, 3:13pm

Yes I know but I tried to generate some logs after create new one but nothing

jochen · December 1, 2017, 3:24pm

Maybe your stream rule didn’t match. Maybe the field you were referring to didn’t exist.

Hard to say with so little details…

Jeremie · December 4, 2017, 10:42am

An exemple with a project : proxy-parrainage
in all messages stream, if I try this search : container_name:proxy-parrainage*

I have a results but if I’m going into my parrainage stream with this rules

no message

I don’t understand why

jan · December 4, 2017, 11:00am

maybe it did not work, because the field does not contain parrainage_* but would contain parrainage and you defined that both must match - rethink what you have configured.

Jeremie · December 4, 2017, 11:02am

I have 2 rules because I have 2 containers in my project : parrainage and proxy-parraiange

jochen · December 4, 2017, 11:02am

What @jan said in How to How you create custom field plus the stream rules don’t support wildcards (* and ?).

Jeremie · December 4, 2017, 11:42am

Ok I don’t know stream rules don’t support wildcard.
I fixed for proxy-parrainage and it’s working.
but for my rule “parrainage” I don’t have result

Jeremie · December 4, 2017, 12:41pm

I found my error, by default streaml rules must match all of rules )
I changed it

system · December 18, 2017, 12:41pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to create Stream Rule for containers Graylog Central (peer support)	16	6389	November 8, 2017
Stream rules based on custom field (populated by a lookup table) Graylog Central (peer support)	3	324	February 3, 2022
Creating Stream Rules Using Pipeline Fields Graylog Central (peer support) pipeline-rules	5	5442	February 20, 2018
Create rules stream Graylog Central (peer support)	2	176	July 20, 2022
Use custom field (created by inputs/extractors) for a pipeline filter? Graylog Central (peer support)	3	1241	June 5, 2017

How to How you create custom field

Related Topics