Hello,
is it possible to copy a stream using a stream rule like this:
Field: streams
Type: contain
Value: 57f4dd19055ef703b32889b1
I think this was possible in Version before 2.4.0.
In Addition to another rule like Level < 4 it would be possible to tailor a stream to certain levels (severities).
Best regards,
Dietmar
Hej Dietmar,
that kind of “advanced” routing should be done using the processing pipelines. That is more flexible than any other option you have.
with kind regards
Jan
Hallo Jan,
thank you very much.
But since 2.4.0 it looks like some rules in Graylog does not work anymore. The rules worked before in Graylog 2.3.
Example:
rule "drop_level7_netscaler_rule"
when
to_long($message.level) > 5
then
drop_message();
end
If I run the Simulator I get the result, that a (random) message would be dropped. But in reality never ever a message gets dropped.
What could be the problem here?
Regards,
Dietmar
Hallo Jan,
now I see:
Depending on what “Message Input” i choose (RAW /Plaintext UDP or Syslog UDP) , I get “dropped” or not “dropped”.
But how can I change the “Message Input Type” on that stream. Or do I have to modify the underlying input?
Regards,
Dietmar
I’m sorry, but that’s simply not enough information to give a reliable answer.
Maybe start by describing your setup and sharing the complete configuration of the relevant components (such as inputs, extractors, pipeline rules, etc.).
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
