I would like to drop some syslog messages before writing to indexes.
Some log records contain particular IP addresses and I want to write a rule like
IF source=“xxx” AND IF ip=184.108.40.206 THEN drop.
I can't find a good resource which explains this. The Graylog documentation about pipelines wasn't good enough.
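
One way to write the rule asked about above in Graylog's pipeline rule language (an added example, not part of the original post). It assumes the address has already been parsed into a message field named `ip`, which is a hypothetical field name; `xxx` and the address are the placeholders from the post.

```graylog
// Added example. Assumption: the address was extracted into a field
// called "ip" (hypothetical name; use your own field name).
rule "drop syslog from source xxx with ip 184.108.40.206"
when
  // has_field guards against messages where the field was never extracted,
  // so the comparison below only runs on messages that carry it.
  has_field("ip") &&
  to_string($message.source) == "xxx" &&
  to_string($message.ip) == "184.108.40.206"
then
  // Discards the message during processing, so it is never written to an index.
  drop_message();
end

// Pipeline that runs the rule; the pipeline name is a placeholder.
pipeline "Drop unwanted syslog"
stage 0 match either
  rule "drop syslog from source xxx with ip 184.108.40.206";
end
```

The pipeline only takes effect once it is connected to the stream that carries these messages. If the `ip` field is produced by an extractor, the Pipeline Processor must run after the Message Filter Chain in the message processor order, otherwise the field does not exist yet when the rule is evaluated.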