c8y3
commented
9 months ago - In the wizard, add a "Search Query" field which corresponds to the "Search Query" of the event definition
- allow the creation of a rule where there is only a Search Query, but no conditions (in which case the Event Definition Streams should be empty)
- allow the creation of a rule with only condition, but no Search Query (like today)
- allow the case where both are configured: the Event Definition Stream is connected to the Stream which carries the conditions
When we started this plugin the only possibility to filter logs in an Event Definition were the Streams. But now Graylog can also use a query.
So when creating a rule with the Wizard we could also be able to set a query in addition to optionnaly use Streams.