Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
I have a running graylog and the logs are coming in with a running extractor for the username.
Now what I want to do is, to find all users, that have not been logged in for more than 90 days. Is it possible to search for these users? So something like show all users in logs older than 90 days, but do not show them if the username is shown in a log newer 90 days.
2. Describe your environment:
-
OS Information: Oracle Linux
-
Package Version: Graylog 5.0.8+4c22532 (Eclipse Adoptium 17.0.6 on Linux 5.4.17-2136.300.7.el8uek.x86_64)
-
Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I can search for users, because I’ve got the key to do so, but unique that are older than 90 days are a problem right now.
4. How can the community help?
Maybe someone got something like this already done, because I don’t know how to start here…
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]