How can I find messages in Graylog based on level (syslog severity/priority)
I'm storing data from Drupal into syslog into Graylog. I'd like to find all messages based on their severity (what Graylog seems to call level).
Here's a screenshot of some messages showing the "Level" field. These all happen to be Notices, but the search I entered is finding the word "Notice" in the message field, not in the Level field.
Since the Drupal logs are going through syslog (and Drupal's watchdog severity matches RFC 5424 severity levels) the levels you're looking for are stored in graylog by their numeric ID, e.g. 0-7.
So, use search "level:5" to find messages with a severity level of notice.
I found this notation out by clicking into a Graylog message and then clicking on the level field. Clicking on a field within a message highlight will put that field into the search section where you can see the notation required.
- How to configure TLS programmatically with librelp for a relp server
- How to write DRY rsyslog rules?
- Wildfly 10 Sys-log-handler printing with Byte_order_mark <feff>
- Docker Service not starting when trying to set max-size in /etc/docker/daemon.json
- rsyslog - Property-based filtering not working
- Can't attach a ruleset for imuxsock in rsyslog
- How to configure syslog so that an applications log goes to a specific file
- How to Disable logstash error logging in syslog
- rSyslog stopped sending only SOME data
- rsyslog rewrite hostname before relay
- rsyslog generate uuid as rfc4122
- Rsyslog convert msg timestamp to rfc3339 format
- rsyslog can't compile regex pattern within template
- Logrotate add suffix to a rotated log file: Nested
- Difference between :omusrmsg:* and * action in rsyslog.conf
- how to remove hostname and timestamp from logs coming from remote syslog server
- Multiple Inputs for Single Rule Set (Filtering/dropping in a single location)
- rsyslog is not forwarding logs to elasticsearch
- Syslog receives logs from Cisco Switch but doesn't log them
- Split rsyslog files
- SysLogHandler messages grouped on one line on remote server
- Logstash pipeline adding extra timestamp%{host} in beginning of rsyslog message
- rsyslog filtering and forwarding
- Unable to Parse Kafka server logs format into RSYS
- Rsyslog unable to send multiline logs
- Need guidance in delimiter for regex
- Unable to monitor Elasticsearch server logs in kibana dashboard
- Syslog doesn't send messages over UDP
- Syslog UDP Input failed - rsyslog and graylog
- Multiline Log issue with rsyslog