Hi Nilesh, unless you have activated the access log for the Graylog REST API (which would show the user name along with the DELETE request for the stream rule) there's unfortunately to retroactively find out which user deleted the stream rule.
There's a feature request on GitHub at https://github.com/Graylog2/graylog2-web-interface/issues/772 for implementing an audit log in Graylog, but it's currently not scheduled for a specific release. Cheers, Jochen On Tuesday, 28 April 2015 22:14:16 UTC+2, Nilesh Date wrote: > > Hi, > > Being system admin , I have created local application user and given > read/write access to them but someone deleted stream rule. > Is there any way to find out who deleted it ? > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
