I am using AWS ECS with Docker containers.
That is why I have faced an issue: besides the needed logs, Fluentd is also sending AWS ECS agent logs to Graylog.
There is no chance to fix it on the Fluentd side, as container log names are changing all the time and I cannot fix the Fluentd config file and restart it to send only the proper file.
So the only thing that could be done is to delete the AWS ECS agent logs on the Graylog side using a pipeline.
I have created one with the following rule:
contains("[INFO]", to_string($message.message)) OR
contains ("[ERROR]", to_string($message.message))
But it did nothing! I still see all the messages in the search results.
And 0 processed messages in the output!
Please help to find the root cause and fix it!