I’m new to Graylog and a bit confused about the usage of streams. I understand streams are mainly used to route messages (using rules) into categories and are also used/required to configure alerts. Why do we need to further categorize instead of just using the default category from the ‘All messages’ stream?
For performance, to make life easier for users than using saved searches, and to handle multiple indices with different configurations (shards, replicas, retention policies).