Extractor per stream?

ksengal · July 27, 2018, 2:44pm

Hi,

I have filebeat on a host scraping many different types of logs and sending them to a graylog’s beats input.
All of these logs are different though (as I run different things on this host).

They all enter the same input, but I have separated them into different streams using rules that use “file” (i.e., filename) filters. So now I have all the different types of logs all separated out and I have alerts for errors, etc.

Now I’d like to do something like “extractors” on each stream. I know how to do them on each input, but in my case, all my logs are entering the same input.

Is there a way forward possible for me now? Is there a different way to achieve the same effect?

Thanks

jtkarvo · July 28, 2018, 6:44am

hi,

you can use processing pipelines for that purpose. See http://docs.graylog.org/en/2.4/pages/pipelines.html

system · August 11, 2018, 6:44am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extractor per stream Graylog Central (peer support)	2	573	April 10, 2021
Conditional extractor Graylog Central (peer support)	2	1784	April 21, 2017
Multiple log types via filebeats to Graylog Graylog Central (peer support) pipeline-rules , route-to-streampl	4	2633	September 11, 2018
What's the process for filing certain messages into a different stream? Graylog Central (peer support)	7	838	February 4, 2022
Filebeat & Graylog (processors & extractors) Graylog Central (peer support)	3	1524	March 18, 2019

Extractor per stream?

Related Topics