Delete fields in message

Uporaba · October 3, 2019, 11:51am

How do I remove fields from a message? I have an extractor for the message field. Through pipelines does not exit.

rajnishtyagi · October 4, 2019, 4:24am

I do it with pipeline, here is my pipeline sample. please make sure to attach them with all_stream or any specific stream which you use for logs

rule "Remove additional fields"

when

    is_not_null("foo")

then

    remove_field("facility");

     remove_field("msg");

end

system · October 18, 2019, 4:24am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop default message field in extractors or pipelines Graylog Central (peer support)	2	4898	October 12, 2017
Syslog pipeline rules doesn't apply Graylog Central (peer support)	4	254	July 12, 2023
Remove some fields from message Graylog Central (peer support)	7	1317	August 25, 2022
Remove or nullify full_message field after extractors are completed? Graylog Central (peer support)	2	626	November 26, 2021
Remove Field function in pipeline not working Graylog Central (peer support) pipeline-rules , debuggingpl	5	2925	August 19, 2020