Hi all, I have questions about queries for NXLog collectors with Sidecar for Windows.

In "Configure NXLog inputs" there are Channel and Query fields. Could you give more specific examples for the QueryList?

    <QueryList>
      <Query Id="0">
        <Select Path="Security">*</Select>
        <Select Path="System">*[System/Level=4]</Select>
        <Select Path="Application">*[Application/Level=2]</Select>
        <Select Path="Setup">*[System/Level=3]</Select>
        <Select Path="Windows PowerShell">*</Select>
        <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
      </Query>
    </QueryList>

We need logs from all channels, but we do not need logs for, for example, Level=3, or we do not need logs from a specific source. Do you have some experience and could you share these QueryLists? Below that there is also a "Define nxlog snippets" field. I would like to see some more specific use cases of nxlog snippets. Is it possible to use

    Exec if ($Channel == "Microsoft-Windows-WMI-Activity/Operational") drop();
    Exec if ($Channel == "Security") drop();

Thanks for your help

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9aa23521-74a2-4c9c-a6c3-7a7d49794537%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
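An added example of both filtering stages the question asks about (not from the original post, nor from the NXLog or Graylog projects): a QueryList that selects every listed channel but suppresses Level=3 (Warning) events and one provider in the XPath itself, followed by Exec drop rules in the same im_msvistalog input. The provider name ExampleNoisyApp is a placeholder.

```nxlog
<Input eventlog>
    Module  im_msvistalog
    # Stage 1: the XPath query runs inside the Windows Event Log API, so
    # suppressed events are never handed to NXLog. Prefer this for volume.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Application">*</Select>
                <Select Path="Setup">*</Select>
                <Select Path="Windows PowerShell">*</Select>
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
                <!-- Level lives under the event's System element in every channel,
                     so the predicate is System[Level=3], not <Channel>/Level=3 -->
                <Suppress Path="System">*[System[Level=3]]</Suppress>
                <Suppress Path="Application">*[System[Level=3]]</Suppress>
                <!-- Drop a single provider by name (placeholder name) -->
                <Suppress Path="Application">*[System[Provider[@Name='ExampleNoisyApp']]]</Suppress>
            </Query>
        </QueryList>
    </QueryXML>

    # Stage 2: NXLog-language filters, evaluated per event after it was read.
    # Useful for conditions the XPath subset cannot express or for quick tests.
    # $Channel, $EventType and $SourceName are fields im_msvistalog sets.
    Exec if $Channel == "Microsoft-Windows-WMI-Activity/Operational" drop();
    Exec if $EventType == "WARNING" drop();
    Exec if $SourceName == "ExampleNoisyApp" drop();
    # Example of keeping a channel but trimming a high-volume event in it:
    # 4658 (handle closed) from Security, via two fields in one condition.
    Exec if $Channel == "Security" and $EventID == 4658 drop();
</Input>
```

A `Suppress` removes matching events from every `Select` on the same `Path`, so when a channel must stay fully collected, put the exclusion in an `Exec` rule instead of the QueryList.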
