I’m having issues excluding some logs from graylog, as they are quite spammy.
The messages I’m trying to exclude are from SNMP.
Connection from UDP: [10.85.1.30]:64093->[10.75.3.25]
They all have this portion of the message:
Connection from UDP: [10.85.1.30]:
Here’s what I have so far;
rule “remove spammy snmp”
has_field (“message”) && to_string($message.message) == “Connection from UDP: [10.85.1.30]”
Unfortunately not working, which I assume I haven’t got the right match requirements.
Can someone please give me an example on how this would work?
Thanks for your time!