Different Message data on Elastich and Output

gianluca-valentini · August 27, 2019, 9:35am

Hi,
I have this need. Using Graylog I have some logs (managed with pipeline/extractor etc).
Then I send these messages to kakfa output.

Now I need to reduce Message data before it is written on Elastic, but I need it (complete) for my output.
Is this possible?

Thanks
Gianluca

jan · August 27, 2019, 10:03am

Currently you can only output what is written to Elasticsearch - so no difference is possible.

gianluca-valentini · August 27, 2019, 10:46am

Thanks.
So can you tell me if is possible to exclude Elastic write operation instead?

jan · August 27, 2019, 11:31am

you can only drop messages - that is currently the only given option.

gianluca-valentini · August 27, 2019, 11:32am

Thanks.
If I drop messages in some pipeline, I will lose it in the output, isn’t it?

jan · August 27, 2019, 11:32am

If I drop messages in some pipeline, I will lose it in the output, isn’t it?

correct

gianluca-valentini · August 27, 2019, 11:33am

So there is no way to exclude data in ElasticSearch but send it in my output

jan · August 27, 2019, 12:31pm

that is what I already have written.

system · September 10, 2019, 12:37pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.