I’m new to Graylog and am currently attempting to drop level 7 logs (Linux syslogs) before they are written to an index file.
Here is a summary of the setup:
- Log files with a level greater than 5 (syslog 6 and 7) are directed to the non-default stream “syslogs 6 and 7”.
- A pipeline “Drop Messages” has been created and connected to the stream “syslogs 6 and 7”.
- … in the “Drop Messages” pipeline, a rule has been created called “Drop Syslog Messages” with the following code:
```
rule "Drop Syslog Messages"
when to_string($message.level) == "7"
then drop_message();
end
```
However, it looks like the rule has no effect, i.e. I can see level 7 messages being logged by the Graylog server.
Is it possible the rule is not correct, even though I’m not getting syntax error markers appearing when typing the rule?
Are there diagnostic tools in Graylog or a way to see why the rule is not taking effect?