How to exclude log with pipeline?

Groucou · September 12, 2017, 10:35am

Hi everyone,

I would like to add pipeline to exclude automatically some logs ?
I think that I must use pipeline but I don’t know how ! I’m just beginning Graylog

For example I would like to exclude log with such host or source.

For information I receive all logs with JSON format.

jochen · September 12, 2017, 1:16pm

Yes, you can use the processing pipelines for that, see http://docs.graylog.org/en/2.3/pages/pipelines.html for details.

You can stop processing messages with the drop_message() function.

Groucou · September 12, 2017, 1:39pm

Ok thanks you for your answer but could you give me one example ?
I 'm not a good dev

I try for drop message :
rule "drop cronjob"
when
has_field(“application_name”) && to_string($message.application_name) == "CRON"
then
drop_message();
end

Is it correct for you ?

jan · September 12, 2017, 1:54pm

@Groucou

that should work

Groucou · September 12, 2017, 2:02pm

Ok thx and for my new pipeline

pipeline "My new pipeline"
stage 1 match all
rule “drop message”;
end

jochen · September 12, 2017, 3:00pm

Looks fine.

Why don’t you just try it out instead of asking if it’s fine?

Groucou · September 12, 2017, 3:05pm

Now yes

system · September 26, 2017, 3:06pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to drop or skip certain log events Graylog Central (peer support)	3	4856	June 8, 2017
Filter logs Received Graylog Central (peer support) documentation	4	162	August 8, 2024
Exclude source from graylog Graylog Central (peer support) pipeline-rules	12	2343	February 7, 2019
Filter specific or repated log in Graylog Graylog Central (peer support) pipeline-rules	3	476	February 24, 2021
Help needed for a pipeline rule Graylog Central (peer support) pipeline-rules	4	894	March 20, 2020

How to exclude log with pipeline?

Related topics