I am logging event & iis logs at the moment but i do get alot of diffrent fields from each. I use nxlog shipper for both. I want to combine alot of field which are similar and filter the fields i dont need. I am quite new with graylog can some please help?
Please provide some examples with a description of what you want to achieve.
In general, you can use the processing pipelines for manipulating messages in Graylog.
Thanks for the replay, i have made an example as you can see with diffrent logs i have diffrent fields i have used template for diffrent logs. I want to minimize the fields to maximum of 20 fields. I have to comibe alot of fields because alot of the fields are the same the only have other name. (upload://j4xZH23NIchnQQ9YNFIy6Nab12n.png)
That upload doesn’t seem to have worked.
i will make some new example i see it is not readable sorry for that.
As you can see the logs in lift are alot smaller and the log on the right is just a topic on it is own. And if i turn off the node for each log it is parsing then i also get a shorter list of fields.
Sorry, I cannot recognize anything on that image.
Please upload separate screenshots or even better describe the example and what you want to achieve.
As you can see i have diffrent fields with diffrent inputs.(IIS & event & active directory) i want to have commen fields for all the types. I think i have to combine some fields and delete some fields…
Try reading up on the aforementioned processing pipelines and read related blog posts, such as:
thanks i will give it a try
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.