I am new to Graylog. We are moving from 2.2 to 3.1. We are migrating our devices over, and we used extractors in 2.2 to parse data; however, support indicated we should use pipeline rules, as extractors will eventually be deprecated. Since I am new to Graylog, I figure I might as well start with pipelines. We have grok patterns in our old version that are working well to parse Netscreen logs, so I believe I can reuse these in pipeline rules, but I am not quite sure what the syntax is. I have some guidelines provided by support but thought I would reach out here for some guidance - perhaps an example rule using a grok pattern to accomplish the same.