Oh... OK... so I have a couple of ways to try out. What is the syntax to use a saved search in a Stream? That is eluding me right now.
Thanks
TP

On Monday, January 23, 2017 at 5:37:17 PM UTC-6, Tom Powers wrote:
>
> OK...streams and alerts for them are very cool...but it seems I can do
> much more in the search field than the stream field.
>
> For example, if I want (EventID:4688 AND ((cscript OR wscript))) the
> search is pretty straightforward.
>
> How can I do that in a Stream? If I set the EventID field AND cscript
> match (with 2 rules), then how do I get the OR wscript match?
>
> Seems like it's almost there...but just not quite. The search works
> great, but if I want to alert off this, then I'm forced into 2 streams?
> EventID:4688 AND cscript and the other EventID:4688 AND wscript ....this
> would seem cumbersome at best.
>
> Where am I going off the rails here?
>
> Thanks
>
> TP
>
