Hi all,

I use graylog2-0.20 (installed with install-graylog-0.20-ubuntu.sh). A message such as the following:

    2014 WGZX-3928 %%10L2INF/5/PORT LINK STATUS CHANGE(l):-DevIP=192.168.1.1- 1 - Ethernet1/0/2 is UP <http://114.66.195.12:9000/search?rangetype=relative&relative=28800&from=&to=&q=source%3A114.66.195.1#>

I want to match the last field, which may be UP or DOWN. So I created a rule: Field: full_message, Type: match regular expression, Value: "UP". But the full_message contains:

    Feb 27 2014 01:58:26 JXSZ-5710-4F %%01INFO/4/SUPPRESS_LOG(l)[8141]:Last message repeated 1 times.(InfoID=1082200067, ModuleName=SNMP, InfoAlias=SNMP_FAIL)

So how can I create a custom field to match this value, or do an exact match?

Also, in the same stream, are different rules combined with "OR" or "AND"?

Thank you.
