Drop few words from Logs

tmacgbay · January 11, 2022, 6:18pm

rule "function remove Fortigate Fields"
when
    has_field("devname") &&
    has_field("vd")
then
    remove_field("vd");
    debug("**** Found both fields - DEVNAME and VD ---  attempted removal of VD");
end

You can then tail your Graylog server logs to see if the words from the debug function show up.

system · January 25, 2022, 6:18pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop Incoming Message Containing a Specific Word Graylog Central (peer support)	7	4513	August 27, 2019
Reduce size of daily logs from different devices Graylog Central (peer support)	5	708	December 31, 2021
Saving only part of a log Graylog Central (peer support)	5	401	August 23, 2022
Drop field with random name Graylog Central (peer support)	5	231	March 20, 2024
Trouble processing Fortimail Logs Graylog Central (peer support)	1	19	April 29, 2025

Drop few words from Logs

Related topics