Re: [graylog2] Re: Weird Stream behaviour

2016-09-21 Thread Tony
Thank you, Jochen, for highlighting that to me :-) Now it works.

Thanks

Tony

2016-09-21 11:06 GMT+01:00 Jochen Schalanda:

> Hi Tony,
>
> your last post is missing the important part: Are the stream rules
> evaluated with logical AND (all rules have to match) or logical OR (only
> one rule has to match)?
>
> Additionally, your second rule, "message field must match exactly WARN"
> is wrong, as the message field clearly does not only contain the word
> "WARN". You can either use a regular expression to match the message
> field or extract that word into a separate field.
>
> Cheers,
> Jochen
>
> On Wednesday, 21 September 2016 00:06:53 UTC+2, Tony wrote:
>>
>> Hi Jochen,
>> thank you for your answer and help. In the first screenshot I capture
>> from the field debug_level the word INFO and it works.
>> The second is supposed to capture the word WARN from the field message
>> and doesn't work. The third screenshot is the message line.
>>
>> Thanks
>>
>> Tony
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CACjATf-WotDW_qiqs-72xZHQ5FzQ9XUzXYz7UO02k8DXkDECKg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [graylog2] Re: Weird Stream behaviour

2016-09-21 Thread Jochen Schalanda
Hi Tony,

your last post is missing the important part: Are the stream rules 
evaluated with logical AND (all rules have to match) or logical OR (only 
one rule has to match)?

Additionally, your second rule, "message field must match exactly WARN" is 
wrong, as the message field clearly does not only contain the word "WARN". 
You can either use a regular expression to match the message field or 
extract that word into a separate field.

Cheers,
Jochen

On Wednesday, 21 September 2016 00:06:53 UTC+2, Tony wrote:
>
> Hi Jochen,
> thank you for your answer and help. In the first screenshot I capture from 
> the field debug_level the word INFO and it works.
> The second is supposed to capture the word WARN from the field message and 
> doesn't work. The third screenshot is the message line.
>
> Thanks
>
> Tony
>
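
The two points in the reply above (exact match versus regular expression or extracted field, and AND versus OR evaluation) can be seen in a small model. This is an added example, not part of the original thread and not Graylog's own code; the sample message, the msg_level field name, and all function names are constructed for illustration.

```python
import re

# Constructed sample message; field names follow the thread, values are made up.
SAMPLE = {
    "debug_level": "INFO",
    "message": "2016-09-20 23:58:11 WARN [worker-3] connection pool exhausted",
}

def rule_matches(msg, field, kind, value):
    """Evaluate one stream rule against a message (simplified model)."""
    actual = msg.get(field)
    if actual is None:
        return False
    if kind == "exact":
        return actual == value                       # whole field must equal value
    if kind == "regex":
        return re.search(value, actual) is not None  # pattern may match anywhere
    raise ValueError(f"unknown rule type: {kind}")

def stream_matches(msg, rules, mode):
    """mode 'AND': every rule must match; mode 'OR': one match is enough."""
    results = [rule_matches(msg, *rule) for rule in rules]
    return all(results) if mode == "AND" else any(results)

def extract_field(msg, source, pattern, target):
    """Copy the first capture group of pattern from source into a new field."""
    m = re.search(pattern, msg.get(source, ""))
    return {**msg, target: m.group(1)} if m else dict(msg)

RULE_LEVEL = ("debug_level", "exact", "INFO")
RULE_WARN_EXACT = ("message", "exact", "WARN")
RULE_WARN_REGEX = ("message", "regex", r"\bWARN\b")
RULE_WARN_FIELD = ("msg_level", "exact", "WARN")  # msg_level is a hypothetical field

def demo():
    extracted = extract_field(SAMPLE, "message", r"\b(INFO|WARN|ERROR)\b", "msg_level")
    return {
        "exact_and": stream_matches(SAMPLE, [RULE_LEVEL, RULE_WARN_EXACT], "AND"),
        "exact_or": stream_matches(SAMPLE, [RULE_LEVEL, RULE_WARN_EXACT], "OR"),
        "regex_and": stream_matches(SAMPLE, [RULE_LEVEL, RULE_WARN_REGEX], "AND"),
        "extracted_and": stream_matches(extracted, [RULE_LEVEL, RULE_WARN_FIELD], "AND"),
    }

if __name__ == "__main__":
    for name, routed in demo().items():
        print(f"{name}: {routed}")
```

With OR evaluation the broken exact rule goes unnoticed because the debug_level rule alone routes the message, which is why the evaluation mode matters when debugging a stream.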
