Oh....OK... so I have a couple ways to try out.

What is the syntax to use a saved search in a Stream? That is eluding me 
right now.

Thanks

TP

On Monday, January 23, 2017 at 5:37:17 PM UTC-6, Tom Powers wrote:
>
> OK...streams and alerts for them are very cool...but it seems I can do 
> much more in the search field than the stream field.
>
> For example, if I want (EventID:4688 AND ((cscript OR wscript))) the 
> search is pretty straightforward.
>
> How can I do that in a Stream?  If I set the EventID field AND Cscript 
> match (with 2 rules), then how do I get the OR wscript match?
>
> Seems like it's almost there...but just not quite.  The Search works 
> great, but if I want to alert off this, then I'm forced into 2 streams? 
> EventID:4688 AND cscript and the other EventID:4688 AND wscript ....this 
> would seem cumbersome at best.
>
> Where am I going off the rails here?
>
> Thanks
>
> TP
>
