如何根据级别(syslog严重性/优先级)在Graylog中查找消息 [英] How can I find messages in Graylog based on level (syslog severity/priority)

问题描述

我要将数据从Drupal存储到syslog中再存储到Graylog中.我想根据邮件的严重性(Graylog所称的级别)查找所有邮件.

I'm storing data from Drupal into syslog into Graylog. I'd like to find all messages based on their severity (what Graylog seems to call level).

这是一些显示级别"字段的消息的屏幕截图.这些都是碰巧的，但是我输入的搜索是在消息字段中而不是在级别"字段中找到单词"Notice".

Here's a screenshot of some messages showing the "Level" field. These all happen to be Notices, but the search I entered is finding the word "Notice" in the message field, not in the Level field.

推荐答案

由于Drupal日志正在通过系统日志(并且Drupal的看门狗严重性与

Since the Drupal logs are going through syslog (and Drupal's watchdog severity matches RFC 5424 severity levels) the levels you're looking for are stored in graylog by their numeric ID, e.g. 0-7.

因此，请使用搜索级别:5"来查找严重性为通知级别的消息.

So, use search "level:5" to find messages with a severity level of notice.

通过单击Graylog消息，然后单击级别字段，我发现了这种表示法.单击消息突出显示内的字段，会将其放入搜索部分，您可以在其中看到所需的符号.

I found this notation out by clicking into a Graylog message and then clicking on the level field. Clicking on a field within a message highlight will put that field into the search section where you can see the notation required.

这篇关于如何根据级别(syslog严重性/优先级)在Graylog中查找消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！