Graylog Collector--Preserving YAML key order

bluescreenofwin · September 26, 2018, 6:40pm

Is there a way to preserve the key order of the items in ‘Event name’? For example, If I put in the following in the Event Name field:

[{‘processors’:,‘drop_event.when.and’:,‘equals.log_name’:‘Security’,‘not.or’:,‘equals.event_id’:‘4771’,‘equals.event_id’:‘4688’}]

It outputs like this:

drop_event.when.and: null
equals.event_id: “4688”
equals.log_name: Security
not.or: null
processors: null

Any ideas? I am loving Graylog but the collector has been the most fickle thing I’ve ever used.

Edit: Is this something I need to use a Snippet to accomplish?

jan · September 27, 2018, 7:24am

the Version 3.0 will have multiple improvements for the sidecar that will make your request possible.

Currently, I’m not sure if this is a filebeat issue (I assume you use filebeat as a collector with the sidecar) or not.

system · October 11, 2018, 7:36am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Collector Alphabetizing JSON Array? Graylog Central (peer support) sidecar , winlogbeat	1	491	September 4, 2018
Sidecar + WinLogBeat: Problem with JSON? Graylog Central (peer support) sidecar , winlogbeat	1	875	August 3, 2017
Graylog 3.0 Winlogbeat help Graylog Central (peer support) sidecar , winlogbeat	2	3554	June 17, 2019
Logs are not in the order Graylog Central (peer support)	5	1178	September 27, 2018
Graylog Sidecar Winlogbeat Drop Event New to Graylog Community? READ-ME FIRST Guides sidecar , windows , winlogbeat	2	367	June 8, 2024