Graylog2 Stream filter rule

Question

I've got a graylog server setup and working. (version 0.9.6, with web interface). I have a stream for log entries with severity NOTICE or higher.
I want to add a filter rule to that stream which filters out all the entries with the word nagios in them (also nagios: or nagios-plugins).

I've tried adding these rules to the stream (as a full message filter):

NOT .*nagios.*
-nagios\:*
 -*nagios*
NOT *nagios*

Result of those was that the stream stopped getting log entries.

How do I add a correct filter?

score 3 · Answer 1 · answered Jul 10 '12 at 13:25

3

Well, thanks to http://rubular.com and some testing this regexp works:

^((?!nagios).)*$

answered Jul 10 '12 at 13:25

score 1 · Answer 2 · answered Jul 10 '12 at 09:08

1

Just .*nagios.* should be enough.

answered Jul 10 '12 at 09:08

Lennart Koopmann

826
1
8
14

Graylog2 Stream filter rule

2 Answers2