Drop message before "All Messages" stream

darung · March 24, 2020, 7:53am

Hi

I am trying to drop some messages before they go into the “all messages” stream and therefore get indexed. I have a single input (syslog udp) and some extractors on it.
I’m new to graylog and could not figure out how to do this - the pipeline and rule I created are working but can only be applied to streams (but not to “all messages”), at which point the message I would like to drop is already routed into “all messages” as well.

Processors order is Message Filter Chain then pipelines.

What am I misunderstanding here?
Thanks in advance

Ponet · March 24, 2020, 10:40am

Messages only get indexed after going through the entire message processing chain.

You should be able to create a pipeline with the All Messages stream connected and add your drop rule into that.

darung · March 24, 2020, 11:58am

Thanks it works now!

system · April 7, 2020, 11:58am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filter logs Received Graylog Central (peer support) documentation	4	79	August 8, 2024
Dropping messages using Pipelines Graylog Central (peer support) pipeline-rules , debuggingpl	4	7161	August 2, 2019
Another pipleline question Graylog Central (peer support) pipeline-rules	6	432	March 1, 2022
Routing Messages Across Streams and Index Sets Graylog Central (peer support) pipeline-rules , route-to-streampl	2	1760	February 8, 2018
Drop Incoming Message Containing a Specific Word Graylog Central (peer support)	7	4346	August 27, 2019

Drop message before "All Messages" stream

Related topics