Multiple filter in query

sohailmeer · June 26, 2020, 6:16am

Hi,

I am using this product for 2 or 3 months from now and it is amazing few of the things are very smooth and going if you have good understanding with the logs nature. I’ve been searching for an option and trying to achieve a thing i don’t know if it is possible. I want to get the multi syntax result.

for example when we set an search filter in linux log file
cat /var/log/messages |grep Jun\ 26 |grep -E “ERROR|FAILED|WAR” we get the result what we actually seeking for i am trying same thing for Graylog as well if hit the query like

source:“xyz” AND log_file_path:"/var/log/messages" AND message:“ERROR|FAILED|WARN”

This is just an example draw it wont work, i know to get the message we have to put AND between filters. So is there anyway we can put all the filters in one?

ttsandrew · June 30, 2020, 9:39pm

Hello @sohailmeer:

message: “ERROR|FAILED|WARN” is searching for that literal string in the body. Is that what you want? If not, then I think what you want is grouping.

source:“xyz” AND log_file_path:"/var/log/messages" AND (message:“ERROR” OR message:“FAILED” OR message:“WARN”)

https://docs.graylog.org/en/3.3/pages/searching/query_language.html

system · July 14, 2020, 9:39pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to filter the messages with log level Graylog Central (peer support)	2	4212	July 1, 2021
Unable to create filters using * wildcard with filebeat_log_file_path: Graylog Central (peer support)	5	5042	June 20, 2019
Blacklist messages based on multiple conditions Graylog Central (peer support)	1	558	October 31, 2018
Graylog Alert with multiple messages in one mail Graylog Central (peer support)	1	945	November 21, 2019
Help with search logic for complex query Graylog Central (peer support)	5	1180	June 30, 2020

Multiple filter in query

Related topics