Can I create extractor on All Event stream?

bbfunde · May 27, 2020, 9:15am

Graylog version: v3.3.0+4ea5649

Hi everyone,

I tried to create extractor from the message shown in All Event stream but failed with the following error message.

Here’s my questions:

1) Is that it is not supported to create extractor from the All Event stream?

I created some custom fields from Alert’s event definition, but I can’t see any value from the field “fields”, please see the image below. Is this also one of the limitations?

Thanks in advance!

jan · May 27, 2020, 9:46am

the processing pipelines does not work on the event and system events stream as this messages does not have the same message flow as a message that is ingested via your inputs.

That is the reason you can’t created extractors here or make a processing pipeline work on that messages.

bbfunde · May 27, 2020, 10:36am

Thanks @jan again for the explanation .

jan · May 27, 2020, 12:20pm

I have created an issue for that

because that is not the right behaviour.

system · June 10, 2020, 12:21pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extractor per stream Graylog Central (peer support)	2	573	April 10, 2021
A Question about Extractors and Inputs Graylog Central (peer support)	2	877	September 4, 2017
Connecting an extractor to a input Graylog Central (peer support)	7	2048	September 12, 2018
Extractor help needed Graylog Central (peer support)	2	812	March 15, 2021
Unable to create new extractor Graylog Central (peer support)	2	1140	July 25, 2018

Can I create extractor on All Event stream?

Related Topics