Filter logs Received

badaroed · July 15, 2024, 7:02am

Gentlemen, what’s up?

Is there any way to filter the logs received in Graylog?

I’m asking because of my scenario, where I’m receiving logs from Vmware EXSI, and there are a lot of them every day… which quickly fills up the SRV Graylog disk…

Joel_Duffield · July 15, 2024, 7:17am

Absolutly! If you have a pipeline rule wirh something in the when clause measage_type = something I dont care about, and in the then clause you have the function drop_mesaage, then those messages will be dropped and never be stored.

badaroed · July 18, 2024, 1:08pm

Is there a step-by-step document on how to do it?

gsmith · July 25, 2024, 3:46am

Hey @badaroed

First setup you Pipeline.

https://go2docs.graylog.org/5-0/making_sense_of_your_log_data/pipelines.html
The pipeline page you need name the pipeline, attach the stream and add the rule.

Example of pipeline rule

rule “Drop Syslog Messages”
when
   has_field("level") AND
   ( to_string($message.level) == “7” OR
     lowercase(to_string($message.level)) == "debug" )
then
   drop_message();
end

system · August 8, 2024, 3:46am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dropping messages using Pipelines Graylog Central (peer support) pipeline-rules , debuggingpl	4	7161	August 2, 2019
Filter messages depending on content Graylog Central (peer support) pipeline-rules , debuggingpl	7	6653	September 25, 2020
Drop message before "All Messages" stream Graylog Central (peer support) pipeline-rules , route-to-streampl	3	1722	April 7, 2020
Performance: Stream Rule vs Pipeline Rule? Graylog Central (peer support) pipeline-rules , route-to-streampl , debuggingpl	4	1267	September 23, 2019
Filter specific or repated log in Graylog Graylog Central (peer support) pipeline-rules	3	443	February 24, 2021

Filter logs Received

Related topics