Different Message data on Elastich and Output

gianluca-valentini · August 27, 2019, 9:35am

Hi,
I have this need. Using Graylog I have some logs (managed with pipeline/extractor etc).
Then I send these messages to kakfa output.

Now I need to reduce Message data before it is written on Elastic, but I need it (complete) for my output.
Is this possible?

Thanks
Gianluca

jan · August 27, 2019, 10:03am

Currently you can only output what is written to Elasticsearch - so no difference is possible.

gianluca-valentini · August 27, 2019, 10:46am

Thanks.
So can you tell me if is possible to exclude Elastic write operation instead?

jan · August 27, 2019, 11:31am

you can only drop messages - that is currently the only given option.

gianluca-valentini · August 27, 2019, 11:32am

Thanks.
If I drop messages in some pipeline, I will lose it in the output, isn’t it?

jan · August 27, 2019, 11:32am

If I drop messages in some pipeline, I will lose it in the output, isn’t it?

correct

gianluca-valentini · August 27, 2019, 11:33am

So there is no way to exclude data in ElasticSearch but send it in my output

jan · August 27, 2019, 12:31pm

that is what I already have written.

system · September 10, 2019, 12:37pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How I delete some event? Graylog Central (peer support)	4	1665	May 9, 2019
Graylog stopped saving data to Elasticsearch after output had been configured Graylog Central (peer support)	3	337	December 29, 2020
Graylog no Output Graylog Central (peer support)	6	2106	October 2, 2018
Drop debug logs with pipeline Graylog Central (peer support) pipeline-rules , debuggingpl	4	1768	February 13, 2019
Run several outputs Graylog Central (peer support)	3	435	August 6, 2018