Hi!

Stream rules are AND connected; the stream only matches when all conditions 
are met.

For your extractor, you probably want to match the whitespace before the UP 
or DOWN. Also, is the word always the last in the line?
If that is so, you can try a regex like:
.*\s(UP|DOWN)$

You can play around with the regular expressions here: 
http://fiddle.re/vfngh 

Best,
Kay

On Thursday, February 27, 2014 3:41:09 AM UTC+1, jin yu wrote:
>
> Hi all, I use graylog2-0.20 (installed with install-graylog-0.20-ubuntu.sh).
> Such as the following:
> 2014 WGZX-3928 %%10L2INF/5/PORT LINK STATUS CHANGE(l):-DevIP=192.168.1.1- 
> 1 - Ethernet1/0/2 is 
> UP
> I want to match the last field, which may be UP or DOWN. So I created a rule: 
> Field: full_message, Type: match regular expression, Value: "UP". But the 
> fullmessage contains 
> Feb 27 2014 01:58:26 JXSZ-5710-4F %%01INFO/4/SUPPRESS_LOG(l)[8141]:Last 
> message repeated 1 times.(InfoID=1082200067, ModuleName=SNMP, 
> InfoAlias=SNMP_FAIL)
> So how do I create a custom field that matches this value, or an exact match? 
> Also, in the same stream, are different rules combined with "OR" or "AND"?
> Thank you.
>
>
>
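
The difference between the rule value "UP" from the question and the anchored regex from the reply, as an added example that is not part of the original thread and not Graylog code. It uses Python's re module for illustration; the first two sample messages are reassembled from the thread with line wraps joined, the third is constructed, and the two stream rules are hypothetical.

```python
import re

# Rule value from the question: an unanchored substring match.
NAIVE = re.compile(r"UP")
# Pattern from the reply: whitespace, then UP or DOWN as the last word.
ANCHORED = re.compile(r".*\s(UP|DOWN)$")

# Taken from the thread (line wraps joined).
LINK_UP = ("2014 WGZX-3928 %%10L2INF/5/PORT LINK STATUS CHANGE(l):"
           "-DevIP=192.168.1.1- 1 - Ethernet1/0/2 is UP")
SUPPRESS = ("Feb 27 2014 01:58:26 JXSZ-5710-4F %%01INFO/4/SUPPRESS_LOG(l)[8141]:"
            "Last message repeated 1 times.(InfoID=1082200067, ModuleName=SNMP, "
            "InfoAlias=SNMP_FAIL)")
# Constructed for this example.
LINK_DOWN = ("2014 WGZX-3928 %%10L2INF/5/PORT LINK STATUS CHANGE(l):"
             "-DevIP=192.168.1.1- 1 - Ethernet1/0/3 is DOWN")


def naive_match(message):
    """True if 'UP' occurs anywhere, including inside SUPPRESS_LOG."""
    return NAIVE.search(message) is not None


def link_state(message):
    """Return 'UP' or 'DOWN' if it is the last word of the message, else None."""
    m = ANCHORED.match(message)
    return m.group(1) if m else None


def stream_matches(message, rules):
    """Stream rules are AND connected: every rule must match."""
    return all(rule(message) for rule in rules)


# Hypothetical rule set: message type plus the anchored state pattern.
RULES = [
    lambda m: "PORT LINK STATUS CHANGE" in m,
    lambda m: link_state(m) is not None,
]

if __name__ == "__main__":
    for msg in (LINK_UP, SUPPRESS, LINK_DOWN):
        print(naive_match(msg), link_state(msg), stream_matches(msg, RULES))
```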
