Awesome vid man. I have a sonicwall. I'm wondering what's the best way to extract that. I have the data flowing to graylog but I can't seem to find any decent examples for sonicwall. The only 2 things in the marketplace are years old and are using the split and index method which I don't think will work for me because the index can change depending on the type of message
the pipeline can contain multiple rules, but the rule itself is part of a pipeline. and once the pipelines are created and applied to a certain stream they will run no matter what. it doesn't matter if the message will match or not, they will be run for every message that goes in that stream.
@@BitsByteHard thanks for the answer. If pipelines can be attached to one specific stream that may be interesting. Extractors are only applied to inputs, so they have the potential to run much more times than needed compared to an stream, which is usually more narrowed to certain messages or server. Thanks
the grok pattenrs extactors or the rules in the pipeline apply only to those specific patterns that they are created for, if your streams have different patterns then it won't work. if this doesn't apply there you really have a issue with graylog and i suggest you to upgrade to the latest version or open a topic with the graylog community, maybe they have a bug in it
Hello man, first of all thanks for sharing your knowledge. I would like to know how did u get the left side bar who allow you to "Search result". I missed it on my installation. Thanks for the answer and "Bonjour" from France!
Hi Yannis, the search bar might be different from one graylog version to another, in this one i'm using graylog 3.0. i would appreciate if you could be more specific indicating the minute and second.
@@BitsByteHard Thanks for your reply. I'm using graylog 3.2 and i was meaning the left side bar on your screen at 0:02. Because from it you can select a specific field and click on "quick values". And I wanted to do this action. In the night i resolve my issue. The problem was : there is no problem. The extractors works well but only on new data incoming and not on all date already stored. So when i receive more data i realise that it work well. Thanks you again for your reply and sorry for my bad english. I appreciate a lot your entire work.
@@yannisboukari2569 in the 3.2 version you can click on Search -> expand the search with the arrow -> fields for more info you can check the video i made about version 3.2 th-cam.com/video/uo5mDD8AUNc/w-d-xo.html minute 9:21
Great channel. Thanks for the job.
thanks.
Awesome vid man. I have a sonicwall. I'm wondering what's the best way to extract that. I have the data flowing to graylog but I can't seem to find any decent examples for sonicwall. The only 2 things in the marketplace are years old and are using the split and index method which I don't think will work for me because the index can change depending on the type of message
try to watch all the videos i did for grok patterns, do practice and you'll make it for sure
I appreciate the video but I had to really turn every volume setting I had all the way up to hear you okay.
had some issues in the past with the sound...
how are the latest videos regarding sound?
how is pipeline rules different than telling the rule to only run if the message contains certain string?
the pipeline can contain multiple rules, but the rule itself is part of a pipeline. and once the pipelines are created and applied to a certain stream they will run no matter what. it doesn't matter if the message will match or not, they will be run for every message that goes in that stream.
@@BitsByteHard thanks for the answer. If pipelines can be attached to one specific stream that may be interesting. Extractors are only applied to inputs, so they have the potential to run much more times than needed compared to an stream, which is usually more narrowed to certain messages or server. Thanks
I can't hear louder...
Hi there, on your messages. How did you set your source as Ip address mine it shows the Host/PC name btw i'm using UDP Gelf as an input
I tried to filter our messages with Graylog for the past 7 months and got nowhere. Finally, I found your video. Excellent information! Thank you!
glad you liked it
you might wanna check the 2nd part which i did for the pipelines ;) th-cam.com/video/pb25AW-CEzQ/w-d-xo.html
thanks. hope you'll enjoy grayloging :D
what is the % sign in grok pattern?
logz.io/blog/logstash-grok/
Very helpful to get a grasp of Graylog extractors!
cool
Appreciate the video. Its working fine but only for new streams coming in but old streams are not applied, any help with be appreciated. Thanks
the grok pattenrs extactors or the rules in the pipeline apply only to those specific patterns that they are created for, if your streams have different patterns then it won't work.
if this doesn't apply there you really have a issue with graylog and i suggest you to upgrade to the latest version or open a topic with the graylog community, maybe they have a bug in it
hi please can you help me i have different time and i don't receive log in real time ? how i can configure it
your company should have an NTP servers to sync your servers with it, if not you can use a public one www.ntppool.org/en/use.html
Hello man, first of all thanks for sharing your knowledge. I would like to know how did u get the left side bar who allow you to "Search result". I missed it on my installation. Thanks for the answer and "Bonjour" from France!
Hi Yannis, the search bar might be different from one graylog version to another, in this one i'm using graylog 3.0.
i would appreciate if you could be more specific indicating the minute and second.
@@BitsByteHard Thanks for your reply. I'm using graylog 3.2 and i was meaning the left side bar on your screen at 0:02. Because from it you can select a specific field and click on "quick values". And I wanted to do this action. In the night i resolve my issue. The problem was : there is no problem. The extractors works well but only on new data incoming and not on all date already stored. So when i receive more data i realise that it work well. Thanks you again for your reply and sorry for my bad english. I appreciate a lot your entire work.
@@yannisboukari2569 in the 3.2 version you can click on Search -> expand the search with the arrow -> fields
for more info you can check the video i made about version 3.2 th-cam.com/video/uo5mDD8AUNc/w-d-xo.html
minute 9:21