rule "ignorelogs"
when
has_field(“level”) && to_string($message.level) == "5"
then
drop_message();
end
i create this rules to drop message that contain level 6 but nothing change could you help me ??
You wrote “level 6”, but your rule checks for level == “5”.
even i change it nothing change
Please provide some example messages and more details about your setup.