I would like to drop some syslog messages before writing to indexes.
Some log records contain particular IP addresses and I want to write a rule like
IF source=“xxx” AND IF ip=220.127.116.11 THEN drop.
I can't find a good resource which explains this. Graylog documentation about pipelines wasn't good enough.
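
The rule sketched in the question, written in Graylog's pipeline rule language as an added example that is not part of the original post. It assumes the address is either already extracted into a field named `ip` (the name used in the question) or only present in the raw `message` text; `"xxx"` is the placeholder from the post.

```graylog
rule "drop syslog from source xxx containing 220.127.116.11"
when
    // "source" is a standard Graylog message field; "xxx" is the
    // placeholder value from the question.
    has_field("source") &&
    to_string($message.source) == "xxx" &&
    (
        // Assumption: an extractor or earlier rule stored the address
        // in a field named "ip". has_field() avoids matching on a
        // missing field.
        (has_field("ip") && to_string($message.ip) == "220.127.116.11") ||
        // Fallback when the address only appears in the raw text.
        // contains() is a plain substring test, so it would also match
        // a longer address that starts with the same digits.
        contains(to_string($message.message), "220.127.116.11")
    )
then
    // Discards the message so it is never written to an index.
    drop_message();
end
```

The rule only takes effect once it is added to a stage of a pipeline that is connected to the stream carrying these syslog messages. Dropped messages are not recoverable, so it is worth checking the condition against a stream search before enabling the rule.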