Good morning, I am new to Graylog and trying to set up a stream and am having odd behavior. I have the following message:

Jan 06 2016 09:48:26: %ASA-5-722033: Group <Staff> User <test> IP <00.00.00.00> First UDP SVC connection established for SVC session.

and I am trying to match this with a regex so that it will appear in a stream. Using the "Test against stream" option within the message detail view and the stream rule below shows that this message will be routed into my stream:

Field: full_message
Type: match regular expression
Value: "First UDP"
(full_message must match regular expression "First UDP")

But when I go to the stream, search for "*" and set the date accordingly, I get a lot of messages that do not contain "First" or "UDP" in them. Here is one of the messages that somehow gets routed into this stream:

FW-A /kernel: watchdog: Time since last watchdog strobe: 31

Finally, when I search for "First" within my stream, I am only getting one message to show up. It's like it is ignoring all of the other messages or pulling in messages based on the wrong index number or something. I am not sure what I am doing wrong to see this and any help is greatly appreciated!

Mcfly

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9c294dd9-547d-45ed-9ced-ed44ef9fa665%40googlegroups.com.
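A small model of how stream rules combine, added here as an example and not Graylog's own code: it replays the post's single regex rule over the two quoted lines, then shows, as a hypothesis the post does not confirm, how one additional broad rule combined with "match at least one" semantics would let the watchdog line into the stream as well. The field names and the sample messages are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample messages modelled on the two lines quoted in the post:
# the ASA line that should be routed and the watchdog line that must not be.
# Field names are assumptions; full_message holds the raw line in both.
MESSAGES: List[Dict[str, str]] = [
    {"source": "asa-fw", "full_message": (
        "Jan 06 2016 09:48:26: %ASA-5-722033: Group <Staff> User <test> "
        "IP <00.00.00.00> First UDP SVC connection established for SVC session.")},
    {"source": "FW-A", "full_message": (
        "FW-A /kernel: watchdog: Time since last watchdog strobe: 31")},
]

@dataclass
class Rule:
    field: str
    kind: str          # "regex", "exact" or "presence"
    value: str = ""
    inverted: bool = False

def rule_matches(rule: Rule, msg: Dict[str, str]) -> bool:
    """Evaluate one stream rule against one message (simplified model)."""
    if rule.kind == "presence":
        hit = rule.field in msg
    elif rule.field not in msg:
        hit = False                      # a missing field never satisfies a value rule
    elif rule.kind == "regex":
        # Unanchored search: "First UDP" matches anywhere in the field, which
        # is the behaviour the post's "Test against stream" check showed.
        hit = re.search(rule.value, msg[rule.field]) is not None
    else:
        hit = msg[rule.field] == rule.value
    return hit != rule.inverted

def route(rules: List[Rule], match_all: bool, messages: List[Dict[str, str]]) -> List[str]:
    """Return the source of every message the stream would accept.

    match_all=True requires every rule to hit; match_all=False accepts a
    message as soon as any single rule hits.
    """
    combine = all if match_all else any
    return [m["source"] for m in messages
            if combine(rule_matches(r, m) for r in rules)]

FIRST_UDP = Rule("full_message", "regex", "First UDP")

if __name__ == "__main__":
    # The post's single rule admits only the ASA message, whichever way rules combine.
    print(route([FIRST_UDP], True, MESSAGES))                    # ['asa-fw']
    # A second, broad rule plus "match at least one" lets the watchdog line in too.
    print(route([FIRST_UDP, Rule("source", "presence")], False, MESSAGES))
```

When debugging a stream that admits unexpected messages, list every rule on it and check how they are combined, since the per-message "Test against stream" check only tells you that the expected message passes, not why the unexpected ones do.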
