I need sort syslogs into about 5 categories based on a field (eg. “abc=”) for which there are about a thousand specific potential integer values. The only way I know would be a lot of OR statements, is there a more efficient way? Thank you.
Future versions of Graylog will include the possibility to implement lookups on different sources, but currently that’s not supported.