Hi,
I have this need. Using Graylog I have some logs (managed with pipeline/extractor etc).
Then I send these messages to kakfa output.
Now I need to reduce Message data before it is written on Elastic, but I need it (complete) for my output.
Is this possible?
Thanks
Gianluca
Currently you can only output what is written to Elasticsearch - so no difference is possible.
Thanks.
So can you tell me if is possible to exclude Elastic write operation instead?
you can only drop messages - that is currently the only given option.
Thanks.
If I drop messages in some pipeline, I will lose it in the output, isn’t it?
If I drop messages in some pipeline, I will lose it in the output, isn’t it?
correct
So there is no way to exclude data in ElasticSearch but send it in my output
that is what I already have written.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.