Anti tamper option

Thanks for your reply. I’ve also found this topic https://community.graylog.org/t/graylog-for-integrity-log-hashing/15570 but I don’t understand how the pipeline rules work.

Let’s see if I’ve understood the process: a message comes into Graylog and goes into a Stream where I can apply pipeline rules. One of the rules generates the hash of the message field and the other one verifies the hash. That means the message will be valid only if there’s been no edit between the two rules that are applied in sequence. But if the message has been edited before pipeline rules are applied, the hash and the verification are still valid.
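
The sequence described in the post above, as an added example that is not part of the original post and not Graylog's own code: a Python simulation of a hash rule followed by a verify rule, run with an edit before the first rule and with an edit between the two rules. The function names, the `message_sha256` field and the sample log line are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample log line (not taken from the thread).
SAMPLE = "Accepted password for alice from 192.0.2.10 port 50022 ssh2"


def stage_hash(msg: dict) -> dict:
    """First rule (hypothetical): store the SHA-256 of the message field."""
    out = dict(msg)
    digest = hashlib.sha256(out["message"].encode("utf-8")).hexdigest()
    out["message_sha256"] = digest
    return out


def stage_verify(msg: dict) -> bool:
    """Second rule (hypothetical): recompute the hash and compare it."""
    recomputed = hashlib.sha256(msg["message"].encode("utf-8")).hexdigest()
    return hmac.compare_digest(recomputed, msg.get("message_sha256", ""))


def run(original: str, edit_before=None, edit_between=None):
    """Send one message through both rules, optionally editing it on the way.

    edit_before  -- applied before the first rule (before the pipeline)
    edit_between -- applied after the hash rule, before the verify rule
    Returns (verification_result, final_message_dict).
    """
    msg = {"message": original}
    if edit_before:
        msg["message"] = edit_before(msg["message"])
    msg = stage_hash(msg)
    if edit_between:
        msg["message"] = edit_between(msg["message"])
    return stage_verify(msg), msg


def rewrite_user(text: str) -> str:
    """Constructed edit: change the user name in the log line."""
    return text.replace("alice", "bob")


if __name__ == "__main__":
    print("untouched:         ", run(SAMPLE)[0])
    print("edited before hash:", run(SAMPLE, edit_before=rewrite_user)[0])
    print("edited in between: ", run(SAMPLE, edit_between=rewrite_user)[0])
```

Only the edit made between the two rules fails verification; the message edited before the hash rule verifies because the hash was computed over the already-edited text.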