Extractor per stream

syntax · March 25, 2021, 4:09am

Hi,

I’m trying to see if I can avoid ‘Processing Pipeline’ with the following configuration,

Each Input > Extractor > Streams > Send to respective indices.

This way, I can have 1 extractor to 1 stream.

Do you think this is okay?

gsmith · March 27, 2021, 12:40am

@syntax
Hello,
I believe this can be done.
What version of Graylog are you using?
Is this a single node or a cluster?
How did you configure your extractor?
What kind of INPUT are you using to ingest logs?
How is your stream rules configured to filter out messages?

system · April 10, 2021, 12:41am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Best practice for splitting one input into multiple indices Graylog Central (peer support) pipeline-rules , route-to-streampl	1	2086	August 7, 2020
Pipelines vs extractor performance Graylog Central (peer support)	3	2350	December 25, 2019
Extractors Question Graylog Central (peer support)	2	306	February 10, 2021
Hitting multiple streams Graylog Central (peer support) pipeline-rules , route-to-streampl	3	1482	June 21, 2017
Extractors vs. Pipelines - What is the preferred way? Graylog Central (peer support) pipeline-rules	2	8006	October 12, 2017

Extractor per stream

Related Topics