Hello Aykisn,
Thank you! I knew the first part, but you're right about the 2nd part (the
"timestamp must match regular expression: blabla" rule); it was exactly what I
needed. I will adapt it.
But how did you find the regular expression for the timestamp? I tried to
find it, without real success... (
[0-9]{4}-[0-9]{2}-[0-9]{2}T[00]|[00-06]:[0-9]{2}:[0-9]+ )
Also, sorry about my response time; I was very busy with other stuff :)
On Monday, 7 November 2016 08:34:19 UTC+1, Aykisn wrote:
> Actually, there are several options available to you, depending on what you
> want exactly.
>
> 1) If you just want to see if those logs actually exist, just do this:
>
> a) On the search page, just change the timeframe to the absolute
> setting and enter the corresponding timeframe; here's an example, which
> will show you every log between last night and this morning:
>
> <https://lh3.googleusercontent.com/-ThYNk4Z2bmY/WCAocNd2TPI/AAAAAAAAAqw/AlUA0xKBPfsqitWHfJAJTBafreWaLT2GwCLcB/s1600/1.JPG>
>
> b) Or you can just search on a one-day timeframe and look at the
> histogram, which will show you exactly what you want without needing to
> adapt the above settings every time. You can also put this graph in a
> dashboard for easy access/viewing.
>
> <https://lh3.googleusercontent.com/-S48teFP7onQ/WCAtega0D-I/AAAAAAAAArA/58bYnhIrQaES0iSnfzGy_HERB_PFjc1bACLcB/s1600/2.JPG>
>
> 2) If you want to keep track of and see all the logs that are in the wrong
> timeframe (not between 06:00 and 22:00), you will have to create a stream with
> the following rules, for example:
>
> - source: yourwindowsserver ("source matches exactly yourwindowsserver")
> - timestamp must match regular expression:
>   [0-9]{4}-[0-9]{2}-[0-9]{2}T[00]|[22-23]:[0-9]{2}:[0-9]+
> - timestamp must match regular expression:
>   [0-9]{4}-[0-9]{2}-[0-9]{2}T[00]|[00-06]:[0-9]{2}:[0-9]+
> Not sure about the regexes, but you get the idea.
> All logs coming from your Windows server will belong to this stream, but
> only those that have a timestamp between 22:00 and 23:59, and between 00:00
> and 06:00.
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/2c88171d-d76e-4290-87da-80b72cbf09a0%40googlegroups.com.
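As an added example (not from the thread and not Graylog's own code), the following Python script applies the two stream rules Aykisn describes, an exact `source` match and a timestamp regex, to a handful of constructed messages. It uses one corrected regex covering both windows (hour 22 or 23, or 00 to 05) so a single rule is enough, and it also evaluates the first pattern exactly as posted to show why it misfires: `[00]` is a character class matching a single `0`, `[22-23]` is the class `{2, 3}`, and the unparenthesised `|` splits the whole pattern into two alternatives, so it accepts timestamps such as 08:34 and 12:30. Assumptions: the timestamp is rendered as ISO 8601 with a `T` separator (as in the posted patterns), the rule is evaluated as an unanchored search (`re.search`), `yourwindowsserver` is the placeholder host from the thread, and the timestamp is already in the time zone in which the 06:00-22:00 business window is defined (a UTC timestamp shifts the window by the local offset).

```python
import re

# Corrected rule for the off-hours window discussed in the thread:
# hour 22 or 23, or 00 to 05 (06:00 exactly counts as business hours).
# Assumption: ISO 8601 with a 'T' separator, already in the zone the
# 06:00-22:00 business window refers to.
OFF_HOURS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T(?:2[23]|0[0-5]):\d{2}:\d{2}")

# The first pattern as posted in the thread (the '*' wrappers were e-mail
# emphasis, not part of the regex), kept only to show what it really matches.
POSTED_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[00]|[22-23]:[0-9]{2}:[0-9]+")

# Placeholder hostname from the thread.
EXPECTED_SOURCE = "yourwindowsserver"

# Constructed sample messages, not real log data: (source, timestamp, message).
SAMPLE_MESSAGES = [
    ("yourwindowsserver", "2016-11-07T08:34:19.000Z", "logon"),   # business hours
    ("yourwindowsserver", "2016-11-07T12:30:05.000Z", "logon"),   # business hours
    ("yourwindowsserver", "2016-11-07T14:05:00.000Z", "logon"),   # business hours
    ("yourwindowsserver", "2016-11-07T22:15:03.000Z", "logon"),   # off-hours
    ("yourwindowsserver", "2016-11-08T03:40:00.000Z", "logon"),   # off-hours
    ("yourwindowsserver", "2016-11-08T05:59:59.000Z", "logon"),   # off-hours (boundary)
    ("yourwindowsserver", "2016-11-08T06:00:00.000Z", "logon"),   # business hours (boundary)
    ("otherhost",         "2016-11-07T23:00:00.000Z", "logon"),   # off-hours, wrong source
]


def is_off_hours(timestamp):
    """Corrected 'timestamp must match regular expression' rule."""
    return OFF_HOURS_RE.match(timestamp) is not None


def posted_regex_matches(timestamp):
    """What the posted pattern does when applied as an unanchored search (assumption)."""
    return POSTED_RE.search(timestamp) is not None


def stream_matches(source, timestamp):
    """Both stream rules must hold: exact source match AND off-hours timestamp."""
    return source == EXPECTED_SOURCE and is_off_hours(timestamp)


def select_stream_messages(messages):
    """Timestamps of the messages that would land in the off-hours stream."""
    return [ts for src, ts, _ in messages if stream_matches(src, ts)]


def posted_regex_false_positives(messages):
    """Timestamps the posted pattern accepts although they fall inside business hours."""
    return [ts for _, ts, _ in messages
            if posted_regex_matches(ts) and not is_off_hours(ts)]


if __name__ == "__main__":
    for src, ts, _ in SAMPLE_MESSAGES:
        print(f"{ts} {src:18} off_hours={is_off_hours(ts)!s:5} "
              f"posted={posted_regex_matches(ts)!s:5} in_stream={stream_matches(src, ts)}")
    print("in stream:", select_stream_messages(SAMPLE_MESSAGES))
    print("false positives of the posted pattern:",
          posted_regex_false_positives(SAMPLE_MESSAGES))
```

Running the script lists three messages in the stream (22:15, 03:40 and 05:59 from `yourwindowsserver`) and three business-hours timestamps (08:34, 12:30 and 06:00) that the posted pattern would have accepted. Before relying on the regex in Graylog, check how the `timestamp` field is actually rendered for the rule (separator, fractional seconds, zone suffix) by looking at a raw message, and adjust the pattern to that string.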