I guess that is what is confusing. I see some references in posts and GitHub change posts that mention calling saved searches in a stream.

For example: https://groups.google.com/forum/#!topic/graylog2/7uHfdWJIeGg

So...if I am understanding you correctly, I can NOT call a saved search in a stream at all. So...Pipelines are the answer and not streams in this case?

Thanks

TP

On Monday, January 23, 2017 at 5:37:17 PM UTC-6, Tom Powers wrote:
> OK...streams and alerts for them are very cool...but it seems I can do
> much more in the search field than the stream field.
>
> For Example if I want (EventID:4688 AND ((cscript OR wscript))) the
> search is pretty straightforward
>
> How can I do that in a Stream? If I set the EventID field AND Cscript
> match (with 2 rules), then how do I get the OR wscript match?
>
> Seems like it's almost there...but just not quite. The Search works
> great, but if I want to alert off this, then I'm forced into 2 streams?
> EventID:4688 AND cscript and the other EventID:4688 AND wscript ....this
> would seem cumbersome at best
>
> Where am I going off the rails here?
>
> Thanks
>
> TP
