OK...streams and alerts for them are very cool...but it seems I can do much more in the search field than the stream field.
For example, if I want (EventID:4688 AND ((cscript OR wscript))), the search is pretty straightforward. How can I do that in a Stream?

If I set the EventID field AND Cscript match (with 2 rules), then how do I get the OR wscript match? Seems like it's almost there...but just not quite.

The Search works great, but if I want to alert off this, then I'm forced into 2 streams? EventID:4688 AND cscript and the other EventID:4688 AND wscript ....this would seem cumbersome at best.

Where am I going off the rails here?

Thanks
TP
