I just started using Graylog and actually have a basic installation with only one node, which is running fine so far. When I created a new index set to separate FW logs (another retention etc.), I started receiving messages twice (new fw index and default index). My stream, related to the firewall logs, is pointing to the fw index and “Remove matches from ‘All messages’ stream” is enabled. But all messages are stored in the fw index as well as in the graylog index (default).
There is no other stream where the fw logs are routed by rule and point to the default index, except for the “all messages” stream.
I am currently using
Does anyone know how to fix this error?