I want to ignore messages in a metric between 00:00AM and 01:00AM using pipelines. I saw here I can do this through timestamp there, but don’t know exactly how to do this in the field:
rule “dont get message between 0000 and 0100”
when
set_field(“ts_hour”, (>=0 AND <=1)) //???
then
drop_message(message: $message);
end
How can I do this?
Thank you!
Now I can separate the hour with a pipeline, but when I try to search the query:
Application: Pingdom AND source: customer* AND full_message: “blahblahblah” NOT ts_hour:(>=0 AND <=1)
It returns nothing, even that I have the numbers in the search.
rule "Between 0 and 6 o'clock"
when
to_date($message.timestamp).hourOfDay >= 0 &&
to_date($message.timestamp).hourOfDay <= 6
then
set_field("trigger_alert", true);
end
take this as a starting point to create your own rule.
I tried something like I saw here:
rule “Pipeline on Timing”
when
to_long(to_date($message.timestamp).hourOfDay) >= 0 && to_long(to_date($message.timestamp).hourOfDay) <= 2
then
set_field(“Pipeline_Triggered_Condition”, true);
end
But when I try to filter in search, it returns nothing.
Application: OurApp AND source: customer AND Pipeline_Triggered_Condition: true;
False returns nothing too.
Did you connect your pipeline to stream? All messages or other stream?
If you use other, you have to confim that the stream processing success before the GL try to apply pipeline.
You can check it under system->config
Now it´s working. Thank you 
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
