Extractor per stream

syntax · March 25, 2021, 4:09am

Hi,

I’m trying to see if I can avoid ‘Processing Pipeline’ with the following configuration,

Each Input > Extractor > Streams > Send to respective indices.

This way, I can have 1 extractor to 1 stream.

Do you think this is okay?

gsmith · March 27, 2021, 12:40am

@syntax
Hello,
I believe this can be done.
What version of Graylog are you using?
Is this a single node or a cluster?
How did you configure your extractor?
What kind of INPUT are you using to ingest logs?
How is your stream rules configured to filter out messages?

Topic		Replies	Views
Extractor per stream? Graylog Central (peer support)	2	1948	August 11, 2018
Best practice for splitting one input into multiple indices Graylog Central (peer support) pipeline-rules , route-to-streampl	1	2451	August 7, 2020
A Question about Extractors and Inputs Graylog Central (peer support)	2	893	September 4, 2017
How to get a raw version and a parsed version of the same messages Graylog Central (peer support) pipeline-rules	3	1126	March 3, 2022
I am missing functionaiilty in the input que. How to deal with that !? Graylog Central (peer support) pipeline-rules	10	627	December 15, 2022

Extractor per stream

Related topics