Is there a way to create source groups? The idea is to create groups for each department containing the IP addresses of the servers they are responsible for. I would like to use this group for searches and dashboards. How do most people handle filtering data by department?
Create one stream per department and sort into the streams by stream rules or, if more complex, by processing pipeline.
Is there a way to tag streams at the source so they can be sorted, or do I have to create multiple inputs listening on different ports?
Is there a way to make a list of IP addresses that get sorted to a particular stream?
You are able to do what fits your setup best, depending on how you deliver the logs to Graylog.
Depending on the shipper, you are able to add options/tags to single files that can be used to identify and sort on that. Or you can use the filename that might be available as metadata to sort on that. Or you sort based on the source IP - whatever you want to build is possible.
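
Added example, not part of the original thread: Graylog pipeline rules that sort by source IP into one stream per department, as the replies above suggest. The lookup table `department_by_ip`, the `department` field, the stream names and the subnet are assumptions made for illustration.

```graylog
// Added example. Assumed to exist already: a lookup table "department_by_ip"
// that maps a server IP to a department name, and one stream per department.
// Attach the first rule to stage 0 and the routing rules to stage 1, so the
// "department" field is set before it is evaluated.

rule "tag message with owning department"
when
  has_field("gl2_remote_ip")
then
  // gl2_remote_ip is the address the input received the message from. Behind
  // a relay or load balancer it is the relay's address, not the server's.
  let dept = lookup_value("department_by_ip", to_string($message.gl2_remote_ip), "unassigned");
  set_field("department", dept);
end

rule "route finance servers"
when
  to_string($message.department) == "finance"
then
  route_to_stream(name: "dept-finance");
end

// Alternative without a lookup table: match a whole subnet (constructed range).
rule "route engineering subnet"
when
  has_field("gl2_remote_ip") &&
  cidr_match(ip: "10.20.0.0/16", address: to_ip($message.gl2_remote_ip))
then
  set_field("department", "engineering");
  route_to_stream(name: "dept-engineering");
end
```

Because every message carries the `department` field, searches and dashboards can filter on it directly, and messages tagged `unassigned` show which senders are missing from the list.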