Hello everyone, I would like to configure a stream so that it necessarily matches with a rule (the source of this stream), and that it necessarily matches with one of the other two rules that I have set up (because I would like that only two types of messages appear). But I don’t know how to do it …

Configuration of streams

shoothub (Shoothub) July 1, 2020, 12:27pm 8

If you want to find fields directly in message field, you can use this pipeline rule:

rule "msg"
when
    contains(to_string($message.message), "key=") OR 
    contains(to_string($message.message), "cwd=")
then
    route_to_stream(name: "Syslog commands logs");
end

Topic		Replies	Views
Route_to_stream not working Graylog Central (peer support) pipeline-rules , route-to-streampl	3	1654	October 21, 2019
Test Against Stream ALL GREEN but message not routed in stream Graylog Central (peer support) pipeline-rules , route-to-streampl	3	655	June 2, 2018
Rules for routing messages to different indexes Graylog Central (peer support) route-to-streampl	9	756	March 22, 2024
Pipeline rule that route to a stream Graylog Central (peer support)	3	369	March 15, 2024
Route to stream - Forwarder Input Graylog Central (peer support) pipeline-rules	9	1293	November 8, 2023

Configuration of streams

Related topics