Help needed with combination and filtering fields


#1

I am logging event & IIS logs at the moment, but I do get a lot of different fields from each. I use the nxlog shipper for both. I want to combine a lot of fields which are similar and filter the fields I don't need. I am quite new with Graylog, can someone please help?


(Jochen) #2

Please provide some examples with a description of what you want to achieve.

In general, you can use the processing pipelines for manipulating messages in Graylog.


#3

Thanks for the reply. I have made an example; as you can see, with different logs I have different fields. I have used a template for different logs. I want to minimize the fields to a maximum of 20 fields. I have to combine a lot of fields because a lot of the fields are the same; they only have another name. (upload://j4xZH23NIchnQQ9YNFIy6Nab12n.png)


(Jochen) #4

That upload doesn’t seem to have worked.


#5

I think it does work now.


#6

I will make some new examples. I see it is not readable, sorry for that.


#7

As you can see, the logs on the left are a lot smaller and the log on the right is just a topic on its own. And if I turn off the node for each log it is parsing, then I also get a shorter list of fields.


(Jochen) #8

Sorry, I cannot recognize anything on that image.

Please upload separate screenshots or even better describe the example and what you want to achieve.


#9

As you can see, I have different fields with different inputs (IIS & event & Active Directory). I want to have common fields for all the types. I think I have to combine some fields and delete some fields…


#10


#11


(Jochen) #12

Try reading up on the aforementioned processing pipelines and read related blog posts, such as:


#13

Thanks, I will give it a try.

