Tips & Tricks #1: How to Quickly Debug Your Stream Rules With One Click

In the first blog post of our new Tips & Tricks series, I want to show
you a quick way to debug your stream rules by testing whether your targeted
messages will actually be matched by a Graylog stream. Here’s
how you do it.

Expand any message on a search results page and hit the
“Test against stream” dropdown to select a stream:


You will be redirected to the rules page of the stream you selected with
the message already loaded and an overview of which stream rules matched
and which did not. In the example below, our message did not get routed
into the stream, as evidenced by the notification in red. The field

in our message is 200 and does not match the
stream rule


Red is not always bad. In some cases, you may purposely not want certain
messages to route to a stream, and this test can serve as a confirmation
of that. Whatever your situation, knowing exactly which messages are
and are not being routed into your streams helps you confirm that your
stream rules work as intended and debug them if anything is wrong.

I hope this saves a few minutes in your day. Stay tuned for the next Tips & Tricks installment!
