How can I find messages in Graylog based on level (syslog severity/priority)

Submitted by 家住魔仙堡 on 2019-12-07 05:09:46

Question


I'm storing data from Drupal into syslog into Graylog. I'd like to find all messages based on their severity (what Graylog seems to call level).

Here's a screenshot of some messages showing the "Level" field. These all happen to be Notices, but the search I entered is finding the word "Notice" in the message field, not in the Level field.


Answer 1:


Since the Drupal logs are going through syslog (and Drupal's watchdog severity matches RFC 5424 severity levels), the levels you're looking for are stored in Graylog by their numeric ID, e.g. 0-7.

So, use search "level:5" to find messages with a severity level of notice.

I found this notation out by clicking into a Graylog message and then clicking on the level field. Clicking on a field within a message highlight will put that field into the search section where you can see the notation required.



Source: https://stackoverflow.com/questions/29564739/how-can-i-find-messages-in-graylog-based-on-level-syslog-severity-priority
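
The following Python example is added here and is not part of the original question or answer. It decodes the `<PRI>` prefix of raw syslog lines into the RFC 5424 severity number that the answer says Graylog stores in `level`, and builds the matching search strings. The sample lines and function names are constructed for illustration, and `level:<=3` assumes Graylog's numeric comparison syntax.

```python
import re

# RFC 5424 severity names, indexed by their numeric value (0 = most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Split the <PRI> prefix of a syslog line into (facility, severity)."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> prefix: %r" % line)
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    return divmod(pri, 8)  # PRI = facility * 8 + severity


def level_query(name, or_worse=False):
    """Build a Graylog search string for a severity name (hypothetical helper)."""
    try:
        level = SEVERITIES.index(name.lower())
    except ValueError:
        raise ValueError("unknown severity: %r" % name)
    # Lower number = more severe, so "this level or worse" is a <= comparison.
    return "level:<=%d" % level if or_worse else "level:%d" % level


# Constructed sample lines (not from the original page).
SAMPLE = [
    "<133>Apr 10 12:00:01 web1 drupal: user login",     # local0.notice
    "<131>Apr 10 12:00:02 web1 drupal: PDO exception",  # local0.error
    "<134>Apr 10 12:00:03 web1 drupal: cron run",       # local0.info
]


def matching(lines, level):
    """Return the lines whose decoded severity equals `level`."""
    return [line for line in lines if decode_pri(line)[1] == level]


if __name__ == "__main__":
    print(level_query("notice"))               # level:5
    print(level_query("error", or_worse=True))  # level:<=3
    for line in matching(SAMPLE, 5):
        print(line)
```

A search on the word "Notice" matches message text, while `level:5` matches the decoded severity regardless of what the message says.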
