Hi!!! I have a question about basic search.
Is it possible to compare fields in graylog? Something like: “HEY, GRAYLOG! PLEASE FIND ME ALL EVENTS WHERE field1=field2”
My aim is to find all events which have TargetUserName not equal to SubjectUserName.
(EventID:4723 OR EventID:4724) AND (TargetUserName:<>SubjectUserName:) - it doesn’t work
Here is the explanation of queries: http://docs.graylog.org/en/2.2/pages/queries.html
You can do searches like " field_name IS NOT ‘value’ ", so you could try applying it to comparing fields instead.
Like, " field_one IS NOT field_two"
If I’m wrong, I’m counting on a more knowledgeable person to prove me wrong.
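
The condition from the question, evaluated in Python over constructed sample events, as an added example that is not part of the original thread and does not use Graylog query syntax. The case-insensitive name comparison and the skipping of events with a missing field are assumptions of this example.

```python
# Added example: flags password change/reset events (EventID 4723 / 4724)
# where the acting account differs from the account being changed.
PASSWORD_EVENT_IDS = {"4723", "4724"}

# Constructed sample messages (not real log data), shaped like parsed events.
SAMPLE_EVENTS = [
    {"EventID": "4723", "SubjectUserName": "alice", "TargetUserName": "alice"},
    {"EventID": "4724", "SubjectUserName": "helpdesk1", "TargetUserName": "bob"},
    {"EventID": "4724", "SubjectUserName": "Carol", "TargetUserName": "carol"},
    {"EventID": "4624", "SubjectUserName": "dave", "TargetUserName": "erin"},
    {"EventID": 4723, "SubjectUserName": "frank"},  # TargetUserName missing
]


def normalise(name):
    """Fold case and trim whitespace so 'Carol' and 'carol' compare equal.

    Assumption: account names are compared case-insensitively.
    """
    return str(name).strip().casefold()


def changed_by_other_account(event):
    """True when the event is 4723/4724 and both names are present and differ."""
    # EventID may arrive as a number or a string depending on the extractor.
    if str(event.get("EventID")) not in PASSWORD_EVENT_IDS:
        return False
    subject = event.get("SubjectUserName")
    target = event.get("TargetUserName")
    if not subject or not target:
        # Assumption: an event with a missing field cannot be compared,
        # so it is skipped here rather than reported as a mismatch.
        return False
    return normalise(subject) != normalise(target)


def find_mismatches(events):
    """Return the events where one account changed another account's password."""
    return [e for e in events if changed_by_other_account(e)]


if __name__ == "__main__":
    for e in find_mismatches(SAMPLE_EVENTS):
        print(e["EventID"], e["SubjectUserName"], "->", e["TargetUserName"])
```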