Streams defining rules with AND/OR groups


(Libincheeran) #1

I’m trying to create a stream which alerts if the the Errors/Exception count exceeds certain value.
For this I need to create a stream with rules like -
gl2_source_input = 58c22dac2ab79c00012f3bf8
AND ( message contains ‘Error’ OR ‘Exception’)

Under ‘Manage Stream Rules’ I can either use an AND or OR condition and not both and can’t group certain conditions.

Can somebody help me on how to create the rules for the above ?

Thanks!


(Jochen) #2

Graylog only supports evaluating stream rules with logical AND or logical OR, but not a combination.

If you need more complex rules, take a look at the message processing pipelines: http://docs.graylog.org/en/2.2/pages/pipelines/stream_connections.html